Following an upgrade to 3.3, configuring the site to use the core OAuth 2 Services for Google logins results in sessions timing out in around 90 seconds or so.
Prior to upgrade: 3.1.7, with auth_googleoauth2 plugin (many users using it).
Upgraded to 3.3. My upgrade script copied across the auth/googleoauth2 directory and the site came up correctly using it. After logging in and performing various functionality tests, I went to Site Administration -> Server -> OAuth 2 Services and created a Google service. I initially copied the client ID and secret from the old plugin's configuration. I got green checkmarks for Configured, Allow login and Discovery.
Next, I went to Site Administration -> Plugins -> Authentication -> Manage authentication, enabled OAuth 2 and disabled OAuth2. I was immediately logged out, so I logged back in via the "Log in using your account on . . Google" button. As expected, I was sent an email with a link to confirm that I owned the existing account, and once I'd pasted the URL and confirmed it, I had access.
That was when the pain started. Within 90 seconds, my session expired. I couldn't even edit a short forum post before being logged out. Essentially, it is impossible to do anything before the session times out.
I have tried all the following:
* Updated Site Administration -> Server -> Session handling -> Timeout to 3 hours. (After being timed out once while doing so).
* Cleared all site-related cookies in my browser (Firefox).
* Exited the browser and restarted
* Completely rebooted the server.
* Logged in from a different machine, using Chrome rather than Firefox.
* Edited the Google API client ID - it was set up with two authorised redirect URI's:
- /auth/googleoauth2/google_redirect.php (for the googleoauth2 plugin)
- /admin/oauth2callback.php (for the new core OAuth 2 support)
and so I removed the outdated first redirect URI, rebooted server yet again and cleared cookies.
Nothing worked. Within about a minute, I start to get error messages ("web service not available", "draft could not be saved", "Could not connect to the server.", etc.) and the session times out.
I've gone back to the old googleoauth2 plugin for the time being, as most of my users prefer to authenticate via OAuth2. I've been switching back and forth between the two authentication systems by enabling and disabling the plugins and have not uninstalled the googleoauth2 plugin or deleted the auth/googleoauth2 directory and am reluctant to do so because I have many users authenticating via Google accounts.
I've read various posts here about OAuth 2 problems, but nothing has suggested a fix so far. Any suggestions are welcome!
--- Les