@@ -2,7 +2,7 @@ One additional feature of this fork of LEAF-Writer compared to the upstream vers
This Keycloak plugin is necessary for two reasons:
1. Keycloak has already a plugin to support GitLab as an identity provider similar to GitHub but this works only with the official gitlab.com-instance. The API between self-managed instances and the official one is identical but obviously a different server has to be called. Our plugin enables this by introducing a field where the URL for the self-hosted GitLab instance can be specified. This URL can even point to the official GitLab instance.
2. Unlike GitHub, access tokens for GitLab instances are only valid for 2 hours. Our Keycloak plugin has a mechanism implemented to renew them if necessary. This mechanism, however, is not perfect. To get a new token, the user has to be still authenticated with the Keycloak server itself. Depending on the session duration set withing Keycloak, the user may get logged out without LEAF-Writer making recurrent requests, signalling that the user is still active. If the user, however, puts the computer e.g. in standby, LEAF-Writer can no longer do this and therefore may not be able to renew the token in time to save still pending changes the user made before e.g. putting the computer into standby. Currently (2025-02-19) there are also some circumstances under which the plugin fails to renew the token if a user has an expired (or maybe expiring) session in one tab and opens a new one in an other tab.
2. Unlike GitHub, access tokens for GitLab instances are only valid for 2 hours. Our Keycloak plugin has a mechanism implemented to renew them if necessary. This mechanism, however, is not perfect. To get a new token, the user has to be still authenticated with the Keycloak server itself. Depending on the session duration set within Keycloak, the user may get logged out without LEAF-Writer making recurrent requests, signalling that the user is still active. If the user, however, puts the computer e.g. in standby, LEAF-Writer can no longer do this and therefore may not be able to renew the token in time to save still pending changes the user made before e.g. putting the computer into standby. Currently (2025-02-19) there are also some circumstances under which the plugin fails to renew the token if a user has an expired (or maybe expiring) session in one tab and opens a new one in an other tab.
The Kecycloak plugin for self-hosted GitLab instances is based on [this plugin for Discord](https://github.com/wadahiro/keycloak-discord/releases) while using the specific logic as found in the GitLab plugin that is part of Keycloak. The token renewal mechanism has been taken from [here](https://gist.github.com/Dreneg/83e0f966eeeaf065e70ba298830d8bce).
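Review bot: The last context line of this hunk still reads "Kecycloak plugin", so fixing "withing" to "within" in item 2 leaves a second misspelling two lines further down; correct it to "Keycloak" in the same change. In the changed line itself, "in an other tab" should read "in another tab". The token renewal mechanism is credited to a gist through a bare "here" link: give the link descriptive text and reference the specific gist revision the code was taken from, so the origin of the code that handles GitLab access tokens can be audited later.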