How to reset User authentication in plugin

Goyot, Martin

Jul 10, 2020, 10:24:21 AM
to jenkin...@googlegroups.com
Hi there,

I'm working on an OAuth2 plugin integration on Jenkins. One question I have in the OAuth2 context and haven't found an answer to in the GitHub or BitBucket plugins is how to force the user through authentication again.

Let me explain the context:

In OAuth2 you're generally given 2 tokens, one short-lived, the Access Token, and one (optional) which lives longer, the Refresh Token which lets you get a new Access Token once the previous one expires. One use case that can appear is that either both (access and refresh) tokens are expired or you don't even have a refresh token. In this case, in the Matrix-based security when we try to check usernames or groupnames we just fail because we get rejected by the OAuth2 server.

In this context, what we'd like to be able to do is that in the loadUserByUsername and loadGroupByGroupname methods of the SecurityRealm we would force the user through re-authentication if we detect his token to be expired/revoked.

Is there a way to do so, to have the user go through authentication again before accessing the page? Some kind of Stapler middleware class?

Thanks,
Martin

Goyot, Martin

Aug 3, 2020, 5:19:09 AM
to jenkin...@googlegroups.com
Hi there,

Still looking into this. Is there a Stapler middleware to write in order to catch requests beforehand?

Thanks,
Martin