#StackExchange Custom OAuth Provider session not persisting

I've followed the instructions here to implement an OAuth2 (not OIDC) provider from scratch https://backstage.io/docs/auth/oidc

It's working, but the authorization only persists until refresh. Note that I added "ProfileInfoApi & BackstageIdentityApi & SessionApi" as types in the ref so that I could add it as an Authentication Provider in the user settings, but I don't know that it's actually compatible with those types. Is there something I'm missing?

StackExchange does proivide a "no_expiry" scope, but adding that scope has made no difference.

After signing in and refreshing, the request made to /api/auth/stackexchange/refresh fails with a 401, as do all other providers that aren't already signed in, But other already signed-in providers succeed that request.

@shrewd valley sorry in advance for the ping, I don't want to make a gh issue for it because I'm not confident it's a bug

Would you mind updating to the version that was released today just to be sure?

1.26.4 had a number of auth fixes in it

In a way I think this may be expected if the provider doesn't have refresh tokens.

Saw those - we're a bit behind but I'm working on catching us up, still on 1.23 with old backend. I'll get us up to date and let you know.

Aha, ok. Then maybe postpone that a bit so you don't get more than one potential issue to deal with at the same time 🙂

I guess that makes some sense - can you advise on a way to safely store the no_expiry token and persist the session, or would you straight up advise against that

I'm in EU time zone and not at my computer, but I believe that you may find refresh token handling in some of the other providers if you check their source