ronnibaslund/dezky
1
0
Fork 0
Code Issues 37 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

feat(ocis): persistent sessions + flat primary surfaces
ci / typecheck (map[dir:apps/booking name:booking]) (push) Has been cancelled
Details
ci / typecheck (map[dir:apps/portal name:portal]) (push) Has been cancelled
Details
ci / typecheck (map[dir:apps/website name:website]) (push) Has been cancelled
Details
ci / typecheck (map[dir:services/platform-api name:platform-api]) (push) Has been cancelled
Details
ci / test (push) Has been cancelled
Details

Browse Source 
- Request offline_access for the ocis-web client (WEB_OIDC_SCOPE) so the web
  SPA gets a refresh token and renews silently instead of dropping the session
  (no surprise logouts; the "no permission to upload" symptom was the
  expired-token state). The ocis-provider already has the offline_access scope
  mapping; its access-token validity is bumped 5m → 1h (refresh 30d).
- Flatten the remaining brand gradients in index.html: the active sidebar
  highlight (.oc-background-primary-gradient) and primary buttons
  (.oc-button-primary-filled) are now solid carbon (text stays light/readable).
- Document the offline_access + token-validity provider settings in
  AUTHENTIK-SETUP.md (the provider lives in Authentik's DB, not git).
This commit is contained in:
Ronni Baslund
2026-06-07 12:34:26 +02:00
parent 8a9fd36f33
commit 65a68ee126
3 changed files with 17 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
infrastructure/docker-compose/configs/ocis/web-core/index.html
+1 -1
View File
@@ -79,7 +79,7 @@
<link rel="modulepreload" crossorigin="" href="./js/chunks/NoContentMessage-BpxTDAzR.mjs"/>
<link rel="modulepreload" crossorigin="" href="./js/chunks/SearchBarFilter-On9swWiz.mjs"/>
<link rel="stylesheet" crossorigin="" href="./assets/style-D1bLdTZ9.css"/>
<style id="dezky-overrides">.versions{display:none!important}</style></head>
<style id="dezky-overrides">.versions{display:none!important}.oc-background-primary-gradient,.oc-button-primary-filled{background:var(--oc-color-swatch-primary-gradient)!important}.oc-background-primary-gradient:hover:not([disabled]),.oc-background-primary-gradient:focus:not([disabled]),.oc-button-primary-filled:hover:not([disabled]),.oc-button-primary-filled:focus:not([disabled]){background:var(--oc-color-swatch-primary-gradient-hover)!important}</style></head>
<body>
<div id="splash-incompatible" class="splash-banner splash-hide">
<div class="oc-card oc-border oc-rounded oc-width-large oc-text-center">
infrastructure/docker-compose/docker-compose.yml
+5
View File
@@ -326,6 +326,11 @@ services:
PROXY_TLS: "false" # Traefik terminates TLS; OCIS speaks plain HTTP internally
OCIS_OIDC_ISSUER: https://auth.dezky.local/application/o/ocis/
WEB_OIDC_CLIENT_ID: ocis-web
# Request offline_access so the web client gets a refresh token and renews
# silently instead of dropping the session (no surprise logouts). The
# ocis-provider already has the offline_access scope mapping + a 30-day
# refresh validity; default scope is "openid profile email".
WEB_OIDC_SCOPE: openid profile email offline_access
PROXY_AUTOPROVISION_ACCOUNTS: "true"
PROXY_USER_OIDC_CLAIM: preferred_username
PROXY_USER_CS3_CLAIM: username