Description
Some previous WorkflowGen releases shipped with incorrect settings in the authentication module's production configuration file, /wfgen/auth/config.production.js.
This misconfiguration can cause session token management to misbehave when using OpenID Connect authentication with the new WorkflowGen Plus mobile application.
We suggest either upgrading your WorkflowGen to the latest release 7.14.4 in which the issue was resolved (bug #2111), or updating your configuration file with one of the solutions below (according to your version).
Solutions
Release 7.11.x to 7.13.x
Replace the existing token node with the following:

    token: {
      signingSecret: process.env.ApplicationSecurityAuthSessionTokenSigningSecret,
      issuer: process.env.ApplicationSecurityAuthSessionTokenIssuer || `${process.env.ApplicationUrl}/auth`,
      audience: process.env.ApplicationSecurityAuthSessionTokenAudience || process.env.ApplicationUrl,
      maxAge: process.env.ApplicationSecurityAuthSessionTimeOut
        ? parseInt(process.env.ApplicationSecurityAuthSessionTimeOut)
        : null,
      mobileMaxAge: process.env.ApplicationSecurityAuthMobileSessionTimeOut
        ? parseInt(process.env.ApplicationSecurityAuthMobileSessionTimeOut)
        : 7200
    }

Release 7.14.0 to 7.14.3
Replace the existing token node with the following:

    token: {
      signingSecret: process.env.ApplicationSecurityAuthSessionTokenSigningSecret,
      issuer: process.env.ApplicationSecurityAuthSessionTokenIssuer || `${getApplicationUrl()}/auth`,
      audience: process.env.ApplicationSecurityAuthSessionTokenAudience || process.env.ApplicationUrl,
      maxAge: process.env.ApplicationSecurityAuthSessionTimeOut
        ? parseInt(process.env.ApplicationSecurityAuthSessionTimeOut)
        : null,
      mobileMaxAge: process.env.ApplicationSecurityAuthMobileSessionTimeOut
        ? parseInt(process.env.ApplicationSecurityAuthMobileSessionTimeOut)
        : 7200
    }

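
After editing the file, it helps to confirm what the token node actually resolves to in your environment. The following is an added example, not WorkflowGen code: it evaluates the same expressions as the 7.11.x to 7.13.x node against a supplied environment object and lists values that would leave session tokens misconfigured. The function names, the sample environments and the rule that timeouts must be positive integers are assumptions made for the example.

```javascript
// Added example, not WorkflowGen code: evaluate the token node from the
// 7.11.x-7.13.x solution against a given environment and report problems.
function resolveTokenNode(env) {
  // Same expressions as the node on this page, with `env` in place of process.env.
  return {
    signingSecret: env.ApplicationSecurityAuthSessionTokenSigningSecret,
    issuer: env.ApplicationSecurityAuthSessionTokenIssuer || `${env.ApplicationUrl}/auth`,
    audience: env.ApplicationSecurityAuthSessionTokenAudience || env.ApplicationUrl,
    maxAge: env.ApplicationSecurityAuthSessionTimeOut
      ? parseInt(env.ApplicationSecurityAuthSessionTimeOut)
      : null,
    mobileMaxAge: env.ApplicationSecurityAuthMobileSessionTimeOut
      ? parseInt(env.ApplicationSecurityAuthMobileSessionTimeOut)
      : 7200
  };
}

function checkTokenNode(env) {
  const token = resolveTokenNode(env);
  const problems = [];
  if (!token.signingSecret) problems.push('signingSecret is empty');
  if (!token.audience) problems.push('audience is empty');
  if (String(token.issuer).startsWith('undefined')) {
    problems.push('issuer fell back to ApplicationUrl, which is not set');
  }
  for (const key of ['maxAge', 'mobileMaxAge']) {
    const value = token[key];
    if (value === null) continue; // maxAge is null when no timeout is set
    if (!Number.isInteger(value) || value <= 0) { // assumed rule: positive integer
      problems.push(`${key} resolved to ${value}, expected a positive integer`);
    }
  }
  return { token, problems };
}

// Constructed sample environments (placeholder values, not real settings).
const good = {
  ApplicationUrl: 'https://workflow.example.com/wfgen',
  ApplicationSecurityAuthSessionTokenSigningSecret: 'placeholder-secret',
  ApplicationSecurityAuthMobileSessionTimeOut: '3600'
};
const bad = {
  ApplicationSecurityAuthSessionTokenSigningSecret: '',
  ApplicationSecurityAuthSessionTimeOut: 'thirty', // parseInt gives NaN
  ApplicationSecurityAuthMobileSessionTimeOut: '0'
};
console.log(checkTokenNode(good).problems);
console.log(checkTokenNode(bad).problems);
```

To check a live server, pass `process.env` from the same environment the authentication module runs in.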
Applies to releases
- 7.11.x
- 7.12.x
- 7.13.x
- 7.14.0 to 7.14.3