Optimize resources during token renewal

[individual-it]

Currently, token renewal bootstraps the whole web client in an iFrame, which is quite costly and takes time with a bad connection. This can result in the page not behaving correctly, especially during long running operations (e.g. uploads) because token renewal takes too long.

We see two possible solutions to this, both require lots of research and changes:

1. Web ships a small standalone Vue application that gets bootstrapped in the iFrame. The challenge here is that it needs the AuthService, the UserManager, router etc. We need to find all involved parts and elaborate how to achieve this. Maybe it's possible to move them to this standalone app and use them in the runtime while removing all the dependencies from the standalone app to Web, so it can be run separately.
2. Make use of the Backends for Frontends (BFF) pattern, moving authentication entirely to the BFF and only having a session cookie in web.

Original issue

Initial Checklist

• I understand this is a bug report and questions should be posted in the Community Discussions
• I searched issues and couldn’t find anything (or linked relevant results below)

Bug Description

When an upload takes too long the user session expires and the user is asked to login again

Reproduction Steps

start a long running upload, wait

Expected Outcome

session should not expire

Actual Outcome

user is requested to login again

[JammingBen]

We had a similar report in the past, but I can't reproduce it. Could you please post details on your exact setup? Also, is it happening when uploading a lot of small files, or a very big file that gets chunked?

[individual-it]

It's when uploading multiple 2-3MB files on a slow connection. To simulate it easier I've throttled the connection in the browser.
here my docker files. I hope I've masked all confidential data. I can provide you a user on the system if that helps.
oc-setup.zip

[JammingBen]

Thanks! Let me first have a look at the setup you provided, and I'll message you in chat if I still need a user :)

[JammingBen]

Tried again today, locally as well as on demo.opencloud.eu, but it works every time for me:

The first bunch of "test" files were uploaded, during the upload the token renewal took place, then the other files were uploaded using a new bearer token.

I'll hit you up in chat for a user.

[kulmann]

@individual-it nobody from the team is able to reproduce the described behaviour so far. Can you try to reproduce it on demo.opencloud.eu or with a fresh opencloud-compose deployment? Any idea what's different in your setup than in the opencloud-compose standard setup?

[individual-it]

@kulmann I just reproduced it on demo.opencloud.eu I got logged out

[JammingBen]

@kulmann I just reproduced it on demo.opencloud.eu I got logged out

But this now looks unrelated to an upload? And the behavior is different, because in your initial issue, you had this popup asking you if you really want to leave the page.

Did it just happen after a while this time? Looks like you did a PROPFIND on a space which failed because the renewal failed in the first place.

[individual-it]

Not sure if this is the same issue or not, but on demo.opencloud.eu we saw:

1. two requests to renew tokens are send to keycloak
2. a PROPFIND is send before any upload finished and that receives a 401
3. the upload hangs

differences so far between demo and my instance are:

• OpenCloud 3.70 vs 4.0.0-rc1
• I don't use any keycloak

[individual-it]

reproduced the same behavior as on my instance using https://github.com/opencloud-eu/opencloud-compose
just throttle the upload e.g. to "Regular 3G" in Firefox and upload some big files