Chris Coutinho
5eec34c17e
feat(auth): implement refresh token rotation for Nextcloud OIDC
Add support for one-time use refresh tokens with automatic rotation
to align with Nextcloud OIDC security model.
Changes:
- TokenBrokerService improvements:
- Add user_id parameter to refresh methods
- Detect and store rotated refresh tokens
- Add offline_access scope to token requests
- Handle refresh token rotation on every use
- Add management API endpoints:
- /api/v1/webhooks (GET/POST) - List/create webhooks
- /api/v1/webhooks/{id} (DELETE) - Delete webhook
- /api/v1/search (POST) - Unified search
- /api/v1/chunk-context (GET) - Get chunk context
- /api/v1/apps (GET) - List installed apps
- Update tests for refresh token rotation
- Add --headed flag to pytest for Playwright debugging
Benefits:
- Aligns with Nextcloud OIDC one-time refresh token model
- Prevents refresh token invalidation after first use
- Enables long-lived background operations
- Provides full webhook lifecycle management
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-18 00:01:53 +01:00
..
2025-12-08 01:09:02 +01:00
2025-11-23 00:33:32 +01:00
2025-11-17 06:48:43 +01:00
2025-10-24 04:38:49 +02:00
2025-11-23 00:33:32 +01:00
2025-11-20 02:37:07 +01:00
2025-10-25 19:28:35 +02:00
2025-11-16 11:16:05 +01:00
2025-11-10 02:07:45 +01:00
2025-10-25 19:52:45 +02:00
2025-11-09 05:53:53 +01:00
2025-10-24 04:38:49 +02:00
2025-12-18 00:01:53 +01:00
2025-11-05 21:58:52 +01:00
2025-11-11 20:35:08 +01:00
2025-11-12 00:37:26 +01:00