Expected behaviour
Using OpenId Connect plugins, ownCloud Desktop clients (both Linux and Windows versions) should not be prompting users to re-authenticate once token_refresh triggers (after ~3-4 hours of operations)
Actual behaviour
Using OpenId Connect plugins, ownCloud Desktop clients (both Linux and Windows versions) are prompting users to re-authenticate once token_refresh triggers
Steps to reproduce
-
Login to ownCloud Desktop client via OpenId Connect Provider (Apereo CAS)
-
Login into ownCloud Desktop client is successful
-
After several hours of operations using the ownCloud Desktop, the login form from OpenId Connect Provider (Apereo CAS) with re-appear asking the user to re-authenticate.
-
The previous version (v.2.8.?) of ownCloud Desktop clients (both Linux and Windows version) were working correctly prior to upgrading to 2.9.x versions (i.e. ownCloud desktop client were not requiring user to re-authenticate every few hours)
-
It should be noted that the ownCloud Android mobile client works correctly using the same OpenId Connect Provider (Apereo CAS)
Server configuration
Operating system:
Linux 5.12.12-gentoo
Web server:
Apache/2.4.48 (Unix)
Database:
mysql-8.0.23
PHP version:
PHP/7.4.19
ownCloud version:
ownCloud 10.8.0 (stable)
Storage backend (external storage):
none
Client configuration
Client version:
ownCloud 2.9.1 (build 5500)
Operating system:
Ubuntu 20.04 LTS
OS language:
Qt version used by client package (Linux only, see also Settings dialog):
Libraries Qt 5.12.10
Client package (From ownCloud or distro) (Linux only):
ownCloud
Installation path of client:
/opt/ownCloud
OpenId Connect Provider (OP) configuration
Operating system:
Apereo CAS - Version 6.4.0
Operating system:
Linux 5.12.12-gentoo
Web server:
Apache/2.4.48 (Unix)
Database:
mysql-8.0.23
Logs
10-21 15:31:38:841 [ info sync.credentials.http ]: Refreshing token
10-21 15:31:38:841 [ info sync.accessmanager ]: 2 "" "https://www.redacted.com/owncloud/status.php" has X-Request-ID "09b4718a-c5f6-4865-a788-a72b52476660"
10-21 15:31:38:841 [ debug sync.cookiejar ] [ OCC::CookieJar::cookiesForUrl ]: QUrl("https://www.redacted.com/owncloud/status.php") requests: (QNetworkCookie("oc_sessionPassphrase=mcuGdVH758WMSyL%2FUQo7SpVspDlhIbBUQXYPVTuJXbbd6XVYR2j0G3Ovgqzb0noI4mVFh6GRU4Zamd8iCMFz76kLNVxaPI%2BBKUsDYgibuoj1wIVfL11zfQaE9ezmMIJh; secure; HttpOnly; domain=www.redacted.com; path=/owncloud"), QNetworkCookie("oc6es4gu9jai=ca2b4irb0pbvji3047ogpls8a6; secure; HttpOnly; domain=www.redacted.com; path=/owncloud"))
10-21 15:31:38:841 [ info sync.httplogger ]: "09b4718a-c5f6-4865-a788-a72b52476660: Request: GET https://www.redacted.com/owncloud/status.php Header: { OC-Connection-Validator: desktop, User-Agent: Mozilla/5.0 (Linux) mirall/2.9.1 (build 5500) (ownCloud, ubuntu-5.4.154-0504154-generic ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: */*, X-Request-ID: 09b4718a-c5f6-4865-a788-a72b52476660, Original-Request-ID: 09b4718a-c5f6-4865-a788-a72b52476660, Cookie: oc_sessionPassphrase=mcuGdVH758WMSyL%2FUQo7SpVspDlhIbBUQXYPVTuJXbbd6XVYR2j0G3Ovgqzb0noI4mVFh6GRU4Zamd8iCMFz76kLNVxaPI%2BBKUsDYgibuoj1wIVfL11zfQaE9ezmMIJh; oc6es4gu9jai=ca2b4irb0pbvji3047ogpls8a6, } Data: []"
10-21 15:31:38:841 [ info sync.networkjob ]: Created OCC::CheckServerJob("https://www.redacted.com/owncloud/status.php", "09b4718a-c5f6-4865-a788-a72b52476660", "09b4718a-c5f6-4865-a788-a72b52476660") for OCC::OAuth(0x55e4c4d8cdd0)
10-21 15:31:38:841 [ debug sync.networkjob.jobqueue ] [ OCC::JobQueue::block ]: block: 1 "someone@www.redacted.com"
10-21 15:31:38:842 [ info sync.httplogger ]: "15cf18ef-0a36-4418-a7e3-a2433d635bba: Response: PROPFIND 401 https://www.redacted.com/owncloud/remote.php/dav/files/someone/ Header: { Date: Thu, 21 Oct 2021 19:31:38 GMT, Server: Apache, Strict-Transport-Security: max-age=15552000; includeSubDomains, X-Content-Type-Options: nosniff, X-XSS-Protection: 0, X-Robots-Tag: none, X-Frame-Options: SAMEORIGIN, X-Download-Options: noopen, X-Permitted-Cross-Domain-Policies: none, X-Powered-By: PHP/7.4.19, Expires: Thu, 19 Nov 1981 08:52:00 GMT, Cache-Control: no-store, no-cache, must-revalidate, Pragma: no-cache, Content-Security-Policy: default-src 'none';, WWW-Authenticate: Bearer realm=\"ownCloud\", Basic realm=\"ownCloud\", charset=\"UTF-8\", Content-Length: 476, Content-Type: application/xml; charset=utf-8, Via: 1.1 www.redacted.com, Vary: User-Agent, Keep-Alive: timeout=100, max=118, Connection: Keep-Alive, } Data: [<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<d:error xmlns:d=\"DAV:\" xmlns:s=\"http://sabredav.org/ns\">\n <s:exception>Sabre\\DAV\\Exception\\NotAuthenticated</s:exception>\n <s:message>No public access to this resource., No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, Bearer token was incorrect, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured</s:message>\n</d:error>\n]"
10-21 15:31:38:842 [ debug sync.networkjob.jobqueue ] [ OCC::JobQueue::retry ]: Retry queued OCC::RequestEtagJob("https://www.redacted.com/owncloud/remote.php/dav/files/someone/", "15cf18ef-0a36-4418-a7e3-a2433d635bba", "15cf18ef-0a36-4418-a7e3-a2433d635bba", "Host requires authentication")