 

OAuth2 - How to stay signed in from multiple browsers at the same time?

I'm working on a project in Odoo and I have enabled Google Sign-In. The problem is, when a user tries to log in from different browsers at the same time, only the latest login session is retained and the older ones expire.

For example: I sign in to Odoo using Google on Chrome and then sign in on Mozilla Firefox. At this point, if I refresh my page on Chrome where I signed in, I will be logged out and asked to sign in again, but I'm still signed in on Firefox.

After a lot of consideration, it came to my mind that the old refresh tokens are probably expiring. However, in the official docs, I saw this:

A token might stop working for one of these reasons:

  • The user has revoked access.
  • The token has not been used for six months.
  • The user account has exceeded a certain number of token requests.

If this is not the case, then why can't I stay signed in from multiple browsers at the same time? What should I do in order to stay signed in using Google from multiple browsers?

Any help would be appreciated!

solving12 asked Aug 28 '15 11:08


People also ask

What is OAuth2?

OAuth 2.0, which stands for “Open Authorization”, is a standard designed to allow a website or application to access resources hosted by other web apps on behalf of a user. It replaced OAuth 1.0 in 2012 and is now the de facto industry standard for online authorization.

How long does Google OAuth last?

A Google Cloud Platform project with an OAuth consent screen configured for an external user type and a publishing status of "Testing" is issued a refresh token expiring in 7 days. There is currently a limit of 100 refresh tokens per Google Account per OAuth 2.0 client ID.

Does OAuth require browser?

OAuth 2.0 requires a browser for user consent once. A browser is required so that the user can agree to the app's request to access the user's data. After the user has agreed to share the data with the app, the app can use the refresh token without a browser-based flow.

How does OAuth 2.0 work in REST API?

In OAuth 2.0, the following three parties are involved: The user, who possesses data that is accessed through the API and wants to allow the application to access it. The application, which is to access the data through the API on the user's behalf. The API, which controls and enables access to the user's data.


1 Answer

I don't know much about Odoo, but most likely this is due to Odoo's policy of supporting a login session for an account from only one place (and expiring older sessions). I'm sure the same applies when you sign in with a password: you will only have one session.

When you use login with Google (or other methods), most applications issue their own credentials (cookies etc.) and decide the lifetime of a session themselves (most don't tie these to the Google session). I suspect that is what you are experiencing here.

The previous tokens don't become invalid for the same app when a new token is issued (up to a limit of roughly 25).

nvnagr answered Oct 03 '22 15:10
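The behaviour the answer suspects, as an added example that is not part of the original answer and not Odoo's code: an application issues its own session cookie after the Google sign-in succeeds, and its session policy alone decides whether the first browser stays logged in. `SessionStore`, `two_browser_login` and the user id are hypothetical names constructed for this illustration.

```python
import secrets
import time


class SessionStore:
    """App-side sessions issued after the identity provider has verified the user."""

    def __init__(self, single_session, ttl_seconds=3600):
        self.single_session = single_session  # True: a new login evicts older sessions
        self.ttl_seconds = ttl_seconds
        self._sessions = {}  # session id -> (user id, expiry timestamp)

    def login(self, user_id, now=None):
        """Call only after the OAuth2 sign-in succeeded; returns the cookie value."""
        now = time.time() if now is None else now
        if self.single_session:
            # This policy, not token expiry at the provider, logs out the other browser.
            stale = [sid for sid, (uid, _) in self._sessions.items() if uid == user_id]
            for sid in stale:
                del self._sessions[sid]
        sid = secrets.token_urlsafe(32)  # unguessable, one per browser
        self._sessions[sid] = (user_id, now + self.ttl_seconds)
        return sid

    def user_for(self, sid, now=None):
        """Return the user id for a valid session cookie, or None."""
        now = time.time() if now is None else now
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user_id, expires = entry
        if now >= expires:
            del self._sessions[sid]  # expired sessions are dropped server-side
            return None
        return user_id


def two_browser_login(single_session):
    """Constructed scenario: the same user signs in from Chrome, then from Firefox."""
    store = SessionStore(single_session=single_session)
    chrome = store.login("user@example.com")
    firefox = store.login("user@example.com")
    return store.user_for(chrome), store.user_for(firefox)


if __name__ == "__main__":
    print("single-session policy:", two_browser_login(True))
    print("per-browser sessions: ", two_browser_login(False))
```

With per-browser sessions, each session still needs its own expiry and a server-side way to revoke it, since every extra live cookie is another credential to protect.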