I use Nextcloud with the OIDC extension, but I must identify me on each connection. Is there a “remeremember me” like feature with OIDC (OpenID Connect Login 2.6.0) ?
Nextcloud version (eg, 20.0.5):
Operating system and version (eg, Ubuntu 20.04):
Apache or nginx version (eg, Apache 2.4.25):
Apache 2.4 on Docker Alpine
PHP version (eg, 7.4):
PHP 8.2 on Docker Alpine
Authentication using an “Identity Provider” (IdP) with OIDC protocol is results in 2 artefacts - one session/cookie from IdP which allows requesting access tokens to access “relying party” (RP) aka application which in turn grants access and issues cookies. Depending on the settings of both applications you session might remain active for long time or end very fast. You should review all the settings and specially double check if your browser keeps cookies issued by your IdP and Nextcloud.
Thanks. But, I don’t know where to search…
If I use OIDC:
I have 3 cookies:
__Host-nc_sameSiteCookielax with expiration on Fri, 31 Dec 2100 23:59:59 GMT
__Host-nc_sameSiteCookiestrict with expiration on Fri, 31 Dec 2100 23:59:59 GMT
authelia_session (my OIDC provider) with expiration on Thu, 14 Sep 2023 14:37:37 GMT
I have also 2 session cookies:
If I don’t use OIDC
nc_session_id with expiration on Sat, 02 Sep 2023 07:20:20 GMT
nc_token with expiration on Sat, 02 Sep 2023 07:20:20 GMT
nc_username with expiration on Sat, 02 Sep 2023 07:20:20 GMT
Is’it normal to don’t have nc_ cookies with an OIDC login ?
I have more cookies even in case of OIDC login… I think it the same set of cookies you have with and without OIDC…
my IdP cookie is not shown here as it runs on another hostname
I think your authelia_session cookie is the one which stores your IdP session. In case your application session expires you just need to tick “login with authelia” and you are granted access to Nextcloud without entering user/password/MFA again…
Yes, it’s shorter than a full login… But it’s always a login :-).
For you, it’s a Authelia issue / misconfiguration or a “OpenID Connect Login” issue / misconfiguration ?
I don’t get your issue… if you don’t want as many login prompts just adjust your session validity…