diff --git a/backend/src/identity/oidc/oidc.service.ts b/backend/src/identity/oidc/oidc.service.ts index 26a04422d..eb96d48ed 100644 --- a/backend/src/identity/oidc/oidc.service.ts +++ b/backend/src/identity/oidc/oidc.service.ts @@ -9,6 +9,7 @@ import { InternalServerErrorException, NotFoundException, } from '@nestjs/common'; +import { Cron } from '@nestjs/schedule'; import { Client, generators, Issuer, UserinfoResponse } from 'openid-client'; import appConfiguration, { AppConfig } from '../../config/app.config'; @@ -43,10 +44,7 @@ export class OidcService { @Inject(appConfiguration.KEY) private appConfig: AppConfig, ) { - this.initializeAllClients(); - // TODO The previous line should be regularly called again (@nestjs/cron?). - // If the HedgeDoc instance is running for a long time, - // the OIDC metadata or keys might change and the client needs to be reinitialized. + this.updateClientConfigs(); this.logger.setContext(OidcService.name); this.logger.debug('OIDC service initialized', 'constructor'); } @@ -54,7 +52,7 @@ export class OidcService { /** * Initializes clients for all OIDC configurations by fetching their metadata and storing them in the clientConfigs map. */ - private initializeAllClients(): void { + private updateClientConfigs(): void { this.authConfig.oidc.forEach((oidcConfig) => { this.fetchClientConfig(oidcConfig) .then((config) => { @@ -62,9 +60,9 @@ export class OidcService { }) .catch((error) => { this.logger.error( - `Failed to initialize OIDC client "${oidcConfig.identifier}": ${String(error)}`, + `Failed to update OIDC client config "${oidcConfig.identifier}": ${String(error)}`, undefined, - 'initializeClient', + 'updateClientConfigs', ); }); }); @@ -110,6 +108,12 @@ export class OidcService { }; } + // Update all client configs every sunday on 3:30 AM + @Cron('30 3 * * 0') + handleCronUpdateClientConfigs(): void { + this.updateClientConfigs(); + } + /** * Generates a secure code verifier for the OIDC login. *