Describe the bug
When an SSO authorization token expires due to inactivity, Specify 7 currently loses application state and may crash if the user attempts a refresh. The crash originates from the identity provider (login.ufl.edu), and Specify does not handle or communicate token expiry in a user-friendly way.
To Reproduce
- Log into Specify 7 using an SSO provider (e.g.,
login.ufl.edu).
- Navigate to a record set and open a Batch Edit or run a Query.
- Leave the app idle until the SSO token expires.
- Attempt any interaction or click Refresh.
- See either a crash or unhandled redirect from the identity provider.
Requirements
- Do not attempt background token renewal or preserve user state on expiry.
- Warn users shortly before their session expires with a dialog allowing them to keep their session alive ("Your session will expire in 5 minutes. Click OK to stay logged in.").
(It would be neat if this hooked into the browser's warning system to bring their attention to the tab).
- On expiry, display a dialog:
“This session has expired. You have been logged out.”
- After acknowledging the dialog, redirect users to the login screen.
Reported By
Warren, University of Florida
Describe the bug
When an SSO authorization token expires due to inactivity, Specify 7 currently loses application state and may crash if the user attempts a refresh. The crash originates from the identity provider (
login.ufl.edu), and Specify does not handle or communicate token expiry in a user-friendly way.To Reproduce
login.ufl.edu).Requirements
(It would be neat if this hooked into the browser's warning system to bring their attention to the tab).
“This session has expired. You have been logged out.”
Reported By
Warren, University of Florida