Sorcery/sorcery

Prevent users signing in via Slack from being frequently logged out.

simon-bigsofa opened this issue · 4 comments

Configuration

  • Sorcery Version: 0.16.1
  • Ruby Version: 3.0.0p0
  • Framework: Rails 6.1.4.1
  • Platform: Mac OS Big Sur

Expected Behavior

Slack doesn't cache OAuth logins, so if a user is logged out of your application they are required to grant approval to your app every time they want to log back in. I want to minimise how often users need to do this, so I don't want them logged out unless they actually click the "Log Out" button in my app.

I would expect to be able to increase session_timeout so that users signing in via Slack are not logged out during this time.

Actual Behavior

Users signing in via email/password remain logged in, but users signing in via Slack using the external provider are logged out every few minutes. Increasing session_timeout doesn't seem to have any effect, and users signing in via Slack are still logged out before the session should have expired (based on the value of session_timeout).

Steps to Reproduce

Set up the external submodule as per the wiki page https://github.com/Sorcery/sorcery/wiki/External and specify slack as the provider.

Any ideas why behaviour is different between external logins and email/password logins? How can I get Slack users to stay logged in?

N.B. Ran into an invalid_auth error when trying to get Slack sign-in working. PR for fix here: #287

Theoretically the timeout stuff should be separate from the OAuth module entirely... That said, I vaguely remember some other issues with timeout cropping up recently.

I'm hoping to do another big push for Sorcery v1 / work on Sorcery in general once I've gotten a personal app I'm working on in a usable state, which will be using Sorcery v1 as the backbone. (Long story short, I've been somewhat AWOL when it comes to Sorcery recently, which will be addressed as soon as I can.)

Thanks @athix - I'll see if I can figure anything out in the meantime.

False alarm. Issue was at my end and not with Sorcery (misconfigured session store was causing sessions to be "forgotten" every 10 or 15 minutes).

This issue can be closed as Sorcery is behaving as expected.

Glad you found a solution!