diff --git a/doc/sources/admin/variables.rst b/doc/sources/admin/variables.rst
index 7609bb75c335caca9e5ead52c09fe7377e7c3416..fbc51a3690fb9fbadc758aa0377fe09a6c9709fb 100644
--- a/doc/sources/admin/variables.rst
+++ b/doc/sources/admin/variables.rst
@@ -148,15 +148,17 @@ Key              Description
 OpenID Connect
 --------------
 
-============================ ===============================================
+============================ ======================================================================
 Key                          Description
-============================ ===============================================
+============================ ======================================================================
 \_oidc_id_token              ID Token
 \_oidc_OP                    Configuration key of OP used for authentication
 \_oidc_access_token          OAuth2 Access Token used to get UserInfo data
+\_oidc_access_token_eol      Timestamp after which the Access Token should no longer be valid
+\_oidc_refresh_token         OAuth2 Refresh Token. This should never be transmitted to applications
 \_oidc_consent_scope\_\ *rp* Scope for which consent was given for RP *rp*
 \_oidc_consent_time\_\ *rp*  Time when consent was given for RP *rp*
-============================ ===============================================
+============================ ======================================================================
 
 Other
 -----
diff --git a/lemonldap-ng-manager/site/coffee/sessions.coffee b/lemonldap-ng-manager/site/coffee/sessions.coffee
index 9d4e7cb87d317ecfaa40d67387086c0e49f570a4..d9434ee51cfa0665d2399b2639ab5e292238f471 100644
--- a/lemonldap-ng-manager/site/coffee/sessions.coffee
+++ b/lemonldap-ng-manager/site/coffee/sessions.coffee
@@ -114,7 +114,7 @@ categories =
     saml:               ['_idp', '_idpConfKey', '_samlToken', '_lassoSessionDump', '_lassoIdentityDump']
     groups:             ['groups', 'hGroups']
     ldap:               ['dn']
-    OpenIDConnect:      ['_oidc_id_token', '_oidc_OP', '_oidc_access_token']
+    OpenIDConnect:      ['_oidc_id_token', '_oidc_OP', '_oidc_access_token', '_oidc_refresh_token', '_oidc_access_token_eol']
     sfaTitle:			['_2fDevices']
     oidcConsents:		['_oidcConsents']
 
diff --git a/lemonldap-ng-manager/site/htdocs/static/js/sessions.js b/lemonldap-ng-manager/site/htdocs/static/js/sessions.js
index 0ec970524960d034c9538f4fe31b0bb32e98212b..54978e8c924084bce9645dc75df7702fb2faffda 100644
--- a/lemonldap-ng-manager/site/htdocs/static/js/sessions.js
+++ b/lemonldap-ng-manager/site/htdocs/static/js/sessions.js
@@ -126,7 +126,7 @@
     saml: ['_idp', '_idpConfKey', '_samlToken', '_lassoSessionDump', '_lassoIdentityDump'],
     groups: ['groups', 'hGroups'],
     ldap: ['dn'],
-    OpenIDConnect: ['_oidc_id_token', '_oidc_OP', '_oidc_access_token'],
+    OpenIDConnect: ['_oidc_id_token', '_oidc_OP', '_oidc_access_token', '_oidc_refresh_token', '_oidc_access_token_eol'],
     sfaTitle: ['_2fDevices'],
     oidcConsents: ['_oidcConsents']
   };
diff --git a/lemonldap-ng-manager/site/htdocs/static/js/sessions.min.js b/lemonldap-ng-manager/site/htdocs/static/js/sessions.min.js
index 22e5813c0e595f3500f9e27f54fe6b9f9ad649a7..9ebafdfe7a1e471efc2dabe8e62140dae123eb7a 100644
--- a/lemonldap-ng-manager/site/htdocs/static/js/sessions.min.js
+++ b/lemonldap-ng-manager/site/htdocs/static/js/sessions.min.js
@@ -1 +1 @@
-!function(){var f={_whatToTrace:[function(e,t){return"groupBy=substr("+e+",1)"},function(e,t){return e+"="+t+"*&groupBy="+e},function(e,t){return e+"="+t}],ipAddr:[function(e,t){return"groupBy=net("+e+",16,1)"},function(e,t){return t.match(/:/)||(t+="."),e+"="+t+"*&groupBy=net("+e+",32,2)"},function(e,t){return t.match(/:/)||(t+="."),e+"="+t+"*&groupBy=net("+e+",48,3)"},function(e,t){return t.match(/:/)||(t+="."),e+"="+t+"*&groupBy=net("+e+",128,4)"},function(e,t){return e+"="+t+"&groupBy=_whatToTrace"},function(e,t,n){return n.replace(/\&groupBy.*$/,"")+"&_whatToTrace="+t}],_startTime:[function(e,t){return"groupBy=substr("+e+",8)"},function(e,t){return e+"="+t+"*&groupBy=substr("+e+",10)"},function(e,t){return e+"="+t+"*&groupBy=substr("+e+",11)"},function(e,t){return e+"="+t+"*&groupBy=substr("+e+",12)"},function(e,t){return e+"="+t+"*&groupBy=_whatToTrace"},function(e,t,n){return console.log(e),console.log(t),console.log(n),n.replace(/\&groupBy.*$/,"")+"&_whatToTrace="+t}],doubleIp:[function(e,t){return e},function(e,t){return"_whatToTrace="+t+"&groupBy=ipAddr"},function(e,t,n){return n.replace(/\&groupBy.*$/,"")+"&ipAddr="+t}],_session_uid:[function(e,t){return"groupBy=substr("+e+",1)"},function(e,t){return e+"="+t+"*&groupBy="+e},function(e,t){return e+"="+t}]},g={_whatToTrace:function(e,t,n,o){return console.log("overScheme => level",n,"over",o),1===n&&t.length>o?e+"="+t+"*&groupBy=substr("+e+","+(n+o+1)+")":null},ipAddr:function(e,t,n,o){return console.log("overScheme => level",n,"over",o),0<n&&n<4&&!t.match(/^\d+\.\d/)&&o<2?e+"="+t+"*&groupBy=net("+e+","+(16*n+4*(o+1))+","+(1+n+o)+")":null},_startTime:function(e,t,n,o){return console.log("overScheme => level",n,"over",o),3<n?e+"="+t+"*&groupBy=substr("+e+","+(10+n+o)+")":null},_session_uid:function(e,t,n,o){return console.log("overScheme => level",n,"over",o),1===n&&t.length>o?e+"="+t+"*&groupBy=substr("+e+","+(n+o+1)+")":null}},M={dateTitle:["_utime","_startTime","_updateTime","_lastAuthnUTime","_lastSeen"],connectionTitle:["ipAddr","_timezone","_url"],authenticationTitle:["_session_id","_user","_password","authenticationLevel"],modulesTitle:["_auth","_userDB","_passwordDB","_issuerDB","_authChoice","_authMulti","_userDBMulti","_2f"],saml:["_idp","_idpConfKey","_samlToken","_lassoSessionDump","_lassoIdentityDump"],groups:["groups","hGroups"],ldap:["dn"],OpenIDConnect:["_oidc_id_token","_oidc_OP","_oidc_access_token"],sfaTitle:["_2fDevices"],oidcConsents:["_oidcConsents"]},i={session:[{title:"deleteSession",icon:"trash"}],home:[]};angular.module("llngSessionsExplorer",["ui.tree","ui.bootstrap","llApp"]).controller("SessionsExplorerCtrl",["$scope","$translator","$location","$q","$http",function(H,t,r,e,o){var p,n,d;return H.links=links,H.menulinks=menulinks,H.staticPrefix=staticPrefix,H.scriptname=scriptname,H.formPrefix=formPrefix,H.impPrefix=impPrefix,H.sessionTTL=sessionTTL,H.availableLanguages=availableLanguages,H.waiting=!0,H.showM=!1,H.showT=!0,H.data=[],H.currentScope=null,H.currentSession=null,H.menu=i,H.translateP=t.translateP,H.translate=t.translate,H.translateTitle=function(e){return t.translateField(e,"title")},d="global",H.menuClick=function(e){if(e.popup)window.open(e.popup);else switch(e.action||(e.action=e.title),typeof e.action){case"function":e.action(H.currentNode,H);break;case"string":H[e.action]();break;default:console.log(typeof e.action)}return H.showM=!1},H.deleteOIDCConsent=function(e,t){var i=document.querySelectorAll(".data-"+t);return H.waiting=!0,o.delete(scriptname+"sessions/OIDCConsent/"+d+"/"+H.currentSession.id+"?rp="+e+"&epoch="+t).then(function(e){var t,n,o,r;for(H.waiting=!1,r=[],n=0,o=i.length;n<o;n++)t=i[n],r.push(t.remove());return r},function(e){return H.waiting=!1}),H.showT=!1},H.deleteSession=function(){return H.waiting=!0,o.delete(scriptname+"sessions/"+d+"/"+H.currentSession.id).then(function(e){return H.currentSession=null,H.currentScope.remove(),H.waiting=!1},function(e){return H.waiting=!1})},H.stoggle=function(e){var t=e.$modelValue;return 0===t.nodes.length&&H.updateTree(t.value,t.nodes,t.level,t.over,t.query,t.count),e.toggle()},H.displaySession=function(e){var t,n=function(s){var e,t,n,o,r,i,l,u,a,c,p,d,f,g,h,_,m,y,T,v,w,S,$,B,b,D,L,A,P,x,C,k,I,O,R=function(e,t){var n,o,r=[],i=new RegExp(e);for(n in s)o=s[n],n.match(i)&&o&&(r.push({title:n,value:o}),delete s[n]);if(0<r.length)return L.push({title:t,nodes:r})},E=s._utime;for(p in s)(O=s[p])?("string"==typeof s&&O.match(/; /)&&(s[p]=O.split("; ")),"object"!=typeof s[p]&&("_password".match(new RegExp("\b"+p+"\b"))?s[p]="********":p.match(/^(_utime|_lastAuthnUTime|_lastSeen|notification)$/)?s[p]=H.localeDate(O):p.match(/^(_startTime|_updateTime)$/)&&(s[p]=H.strToLocaleDate(O)))):delete s[p];for(o in L=[],M){for(x=[],u=0,f=(n=M[o]).length;u<f;u++)if(t=n[u],s[t])if(s[t].toString().match(/"type":\s*"(?:TOTP|U2F|UBK|WebAuthn)"/)){for(x.push({title:"type",value:"name",epoch:"date",td:"0"}),a=0,g=(e=JSON.parse(s[t])).length;a<g;a++){for(p in A=e[a])O=A[p],"type"===p&&(k=O),"name"===p&&(v=O),"epoch"===p&&(l=O);x.push({title:k,value:v,epoch:l,td:"1"})}delete s[t]}else if(s[t].toString().match(/"rp":\s*"[\w-]+"/)){for(x.push({title:"RP",value:"scope",epoch:"date",td:"0"}),c=0,h=(e=JSON.parse(s[t])).length;c<h;c++){for(p in S=e[c])O=S[p],"rp"===p&&(k=O),"scope"===p&&(v=O),"epoch"===p&&(l=O);x.push({title:k,value:v,epoch:l,td:"2"})}delete s[t]}else s[t].toString().match(/\w+/)&&x.push({title:t,value:s[t],epoch:""}),delete s[t];else delete s[t];0<x.length&&L.push({title:"__"+o+"__",nodes:x})}if(R("^openid","OpenID"),R("^notification_(.+)","__notificationsDone__"),s._loginHistory){if(I=[],s._loginHistory.successLogin)for(T=0,_=(b=s._loginHistory.successLogin).length;T<_;T++){for(p in r="",d=b[T])O=d[p],p.match(/^(_utime|ipAddr|error)$/)||(r+=", "+p+" : "+O);(C=r.split(", ")).sort(),r=C.join(", "),I.push({t:d._utime,title:H.localeDate(d._utime),value:"Success (IP "+d.ipAddr+")"+r})}if(s._loginHistory.failedLogin)for(w=0,m=(D=s._loginHistory.failedLogin).length;w<m;w++){for(p in r="",d=D[w])O=d[p],p.match(/^(_utime|ipAddr|error)$/)||(r+=", "+p+" : "+O);(C=r.split(", ")).sort(),r=C.join(", "),I.push({t:d._utime,title:H.localeDate(d._utime),value:"Error "+d.error+" (IP "+d.ipAddr+")"+r})}delete s._loginHistory,I.sort(function(e,t){return t.t-e.t}),L.push({title:"__loginHistory__",nodes:I})}for(p in I=[],s)O=s[p],I.push({title:p,value:O});for(I.sort(function(e,t){return e.title>t.title?1:e.title<t.title?-1:0}),B=[],P=[],$=0,y=I.length;$<y;$++)(i=I[$]).title.match(new RegExp("^"+H.impPrefix+".+$"))?(console.log(i,"-> real attribute"),B.push(i)):P.push(i);return I=P.concat(B),L.push({title:"__attributesAndMacros__",nodes:I}),{_utime:E,nodes:L}};return H.currentScope=e,t=e.$modelValue.session,o.get(scriptname+"sessions/"+d+"/"+t).then(function(e){return H.currentSession=n(e.data),H.currentSession.id=t}),H.showT=!1},H.localeDate=function(e){return new Date(1e3*e).toLocaleString()},H.isValid=function(e,t){var n=r.path(),o=Date.now()/1e3;return console.log("Path",n),console.log("Session epoch",e),console.log("Current date",o),console.log("Session TTL",sessionTTL),e=o-e<sessionTTL||r.path().match(/^\/persistent/),"msg"===t?(console.log("Return msg"),e?"info":"warning"):"style"===t?(console.log("Return style"),e?{}:{color:"#627990","font-style":"italic"}):(console.log("Return isValid"),e)},H.strToLocaleDate=function(e){var t=e.match(/^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})$/);return t.length?new Date(t[1]+"-"+t[2]+"-"+t[3]+"T"+t[4]+":"+t[5]+":"+t[6]).toLocaleString():e},H.getLanguage=function(e){return H.lang=e,H.form="white",H.init(),H.showM=!1},n=function(e,t,n){t=t.match(/#!?\/(\w+)/);return d="global",null===t?H.type="_whatToTrace":t[1].match(/^(persistent|offline)$/)?(d=RegExp.$1,H.type="_session_uid"):H.type=t[1],H.init()},H.$on("$locationChangeSuccess",n),p=0,H.updateTree=function(i,s,l,u,e,t){var a,c,n;if(H.waiting=!0,c=f[H.type]||("_updateTime"===H.type?f._startTime:f._whatToTrace),a=c[l](H.type,i,e),25<t&&g[H.type]&&(n=g[H.type](H.type,i,l,u,e))?(u++,a=n,l-=1):u=0,o.get(scriptname+"sessions/"+d+"?"+a).then(function(e){var t,n,o,r,e=e.data;if(e.result){for(t=0,n=(r=e.values).length;t<n;t++)o=r[t],p++,o.id="node"+p,l<c.length-1&&(o.nodes=[],o.level=l+1,o.query=a,o.over=u,H.type.match(/^(?:start|update)Time$/)&&(o.title=o.value.replace(/^(\d{8})(\d{2})(\d{2})$/,"$2:$3").replace(/^(\d{8})(\d{2})(\d)$/,"$2:$30").replace(/^(\d{8})(\d{2})$/,"$2h").replace(/^(\d{4})(\d{2})(\d{2})/,"$1-$2-$3"))),s.push(o);""===i&&(H.total=e.total)}return H.waiting=!1},function(e){return H.waiting=!1}),console.log("Selection",d),H.navssoStyle={color:"#777"},H.offlineStyle={color:"#777"},H.persistentStyle={color:"#777"},"global"===d&&(H.navssoStyle={color:"#333"}),"offline"===d&&(H.offlineStyle={color:"#333"}),"persistent"===d)return H.persistentStyle={color:"#333"}},H.init=function(){return H.waiting=!0,H.data=[],H.currentScope=null,H.currentSession=null,e.all([t.init(H.lang),H.updateTree("",H.data,0,0)]).then(function(){return H.waiting=!1},function(e){return H.waiting=!1}),H.activeModule="sessions",H.myStyle={color:"#ffb84d"}},n=r.path().match(/^\/(\w+)/),H.type=n?n[1]:"_whatToTrace"}])}.call(this);
\ No newline at end of file
+!function(){var f={_whatToTrace:[function(e,t){return"groupBy=substr("+e+",1)"},function(e,t){return e+"="+t+"*&groupBy="+e},function(e,t){return e+"="+t}],ipAddr:[function(e,t){return"groupBy=net("+e+",16,1)"},function(e,t){return t.match(/:/)||(t+="."),e+"="+t+"*&groupBy=net("+e+",32,2)"},function(e,t){return t.match(/:/)||(t+="."),e+"="+t+"*&groupBy=net("+e+",48,3)"},function(e,t){return t.match(/:/)||(t+="."),e+"="+t+"*&groupBy=net("+e+",128,4)"},function(e,t){return e+"="+t+"&groupBy=_whatToTrace"},function(e,t,n){return n.replace(/\&groupBy.*$/,"")+"&_whatToTrace="+t}],_startTime:[function(e,t){return"groupBy=substr("+e+",8)"},function(e,t){return e+"="+t+"*&groupBy=substr("+e+",10)"},function(e,t){return e+"="+t+"*&groupBy=substr("+e+",11)"},function(e,t){return e+"="+t+"*&groupBy=substr("+e+",12)"},function(e,t){return e+"="+t+"*&groupBy=_whatToTrace"},function(e,t,n){return console.log(e),console.log(t),console.log(n),n.replace(/\&groupBy.*$/,"")+"&_whatToTrace="+t}],doubleIp:[function(e,t){return e},function(e,t){return"_whatToTrace="+t+"&groupBy=ipAddr"},function(e,t,n){return n.replace(/\&groupBy.*$/,"")+"&ipAddr="+t}],_session_uid:[function(e,t){return"groupBy=substr("+e+",1)"},function(e,t){return e+"="+t+"*&groupBy="+e},function(e,t){return e+"="+t}]},g={_whatToTrace:function(e,t,n,o){return console.log("overScheme => level",n,"over",o),1===n&&t.length>o?e+"="+t+"*&groupBy=substr("+e+","+(n+o+1)+")":null},ipAddr:function(e,t,n,o){return console.log("overScheme => level",n,"over",o),0<n&&n<4&&!t.match(/^\d+\.\d/)&&o<2?e+"="+t+"*&groupBy=net("+e+","+(16*n+4*(o+1))+","+(1+n+o)+")":null},_startTime:function(e,t,n,o){return console.log("overScheme => level",n,"over",o),3<n?e+"="+t+"*&groupBy=substr("+e+","+(10+n+o)+")":null},_session_uid:function(e,t,n,o){return console.log("overScheme => level",n,"over",o),1===n&&t.length>o?e+"="+t+"*&groupBy=substr("+e+","+(n+o+1)+")":null}},M={dateTitle:["_utime","_startTime","_updateTime","_lastAuthnUTime","_lastSeen"],connectionTitle:["ipAddr","_timezone","_url"],authenticationTitle:["_session_id","_user","_password","authenticationLevel"],modulesTitle:["_auth","_userDB","_passwordDB","_issuerDB","_authChoice","_authMulti","_userDBMulti","_2f"],saml:["_idp","_idpConfKey","_samlToken","_lassoSessionDump","_lassoIdentityDump"],groups:["groups","hGroups"],ldap:["dn"],OpenIDConnect:["_oidc_id_token","_oidc_OP","_oidc_access_token","_oidc_refresh_token","_oidc_access_token_eol"],sfaTitle:["_2fDevices"],oidcConsents:["_oidcConsents"]},i={session:[{title:"deleteSession",icon:"trash"}],home:[]};angular.module("llngSessionsExplorer",["ui.tree","ui.bootstrap","llApp"]).controller("SessionsExplorerCtrl",["$scope","$translator","$location","$q","$http",function(H,t,r,e,o){var p,n,d;return H.links=links,H.menulinks=menulinks,H.staticPrefix=staticPrefix,H.scriptname=scriptname,H.formPrefix=formPrefix,H.impPrefix=impPrefix,H.sessionTTL=sessionTTL,H.availableLanguages=availableLanguages,H.waiting=!0,H.showM=!1,H.showT=!0,H.data=[],H.currentScope=null,H.currentSession=null,H.menu=i,H.translateP=t.translateP,H.translate=t.translate,H.translateTitle=function(e){return t.translateField(e,"title")},d="global",H.menuClick=function(e){if(e.popup)window.open(e.popup);else switch(e.action||(e.action=e.title),typeof e.action){case"function":e.action(H.currentNode,H);break;case"string":H[e.action]();break;default:console.log(typeof e.action)}return H.showM=!1},H.deleteOIDCConsent=function(e,t){var i=document.querySelectorAll(".data-"+t);return H.waiting=!0,o.delete(scriptname+"sessions/OIDCConsent/"+d+"/"+H.currentSession.id+"?rp="+e+"&epoch="+t).then(function(e){var t,n,o,r;for(H.waiting=!1,r=[],n=0,o=i.length;n<o;n++)t=i[n],r.push(t.remove());return r},function(e){return H.waiting=!1}),H.showT=!1},H.deleteSession=function(){return H.waiting=!0,o.delete(scriptname+"sessions/"+d+"/"+H.currentSession.id).then(function(e){return H.currentSession=null,H.currentScope.remove(),H.waiting=!1},function(e){return H.waiting=!1})},H.stoggle=function(e){var t=e.$modelValue;return 0===t.nodes.length&&H.updateTree(t.value,t.nodes,t.level,t.over,t.query,t.count),e.toggle()},H.displaySession=function(e){var t,n=function(s){var e,t,n,o,r,i,l,u,a,c,p,d,f,g,h,_,m,y,T,v,w,S,$,B,b,D,L,A,P,x,C,k,I,O,R=function(e,t){var n,o,r=[],i=new RegExp(e);for(n in s)o=s[n],n.match(i)&&o&&(r.push({title:n,value:o}),delete s[n]);if(0<r.length)return L.push({title:t,nodes:r})},E=s._utime;for(p in s)(O=s[p])?("string"==typeof s&&O.match(/; /)&&(s[p]=O.split("; ")),"object"!=typeof s[p]&&("_password".match(new RegExp("\b"+p+"\b"))?s[p]="********":p.match(/^(_utime|_lastAuthnUTime|_lastSeen|notification)$/)?s[p]=H.localeDate(O):p.match(/^(_startTime|_updateTime)$/)&&(s[p]=H.strToLocaleDate(O)))):delete s[p];for(o in L=[],M){for(x=[],u=0,f=(n=M[o]).length;u<f;u++)if(t=n[u],s[t])if(s[t].toString().match(/"type":\s*"(?:TOTP|U2F|UBK|WebAuthn)"/)){for(x.push({title:"type",value:"name",epoch:"date",td:"0"}),a=0,g=(e=JSON.parse(s[t])).length;a<g;a++){for(p in A=e[a])O=A[p],"type"===p&&(k=O),"name"===p&&(v=O),"epoch"===p&&(l=O);x.push({title:k,value:v,epoch:l,td:"1"})}delete s[t]}else if(s[t].toString().match(/"rp":\s*"[\w-]+"/)){for(x.push({title:"RP",value:"scope",epoch:"date",td:"0"}),c=0,h=(e=JSON.parse(s[t])).length;c<h;c++){for(p in S=e[c])O=S[p],"rp"===p&&(k=O),"scope"===p&&(v=O),"epoch"===p&&(l=O);x.push({title:k,value:v,epoch:l,td:"2"})}delete s[t]}else s[t].toString().match(/\w+/)&&x.push({title:t,value:s[t],epoch:""}),delete s[t];else delete s[t];0<x.length&&L.push({title:"__"+o+"__",nodes:x})}if(R("^openid","OpenID"),R("^notification_(.+)","__notificationsDone__"),s._loginHistory){if(I=[],s._loginHistory.successLogin)for(T=0,_=(b=s._loginHistory.successLogin).length;T<_;T++){for(p in r="",d=b[T])O=d[p],p.match(/^(_utime|ipAddr|error)$/)||(r+=", "+p+" : "+O);(C=r.split(", ")).sort(),r=C.join(", "),I.push({t:d._utime,title:H.localeDate(d._utime),value:"Success (IP "+d.ipAddr+")"+r})}if(s._loginHistory.failedLogin)for(w=0,m=(D=s._loginHistory.failedLogin).length;w<m;w++){for(p in r="",d=D[w])O=d[p],p.match(/^(_utime|ipAddr|error)$/)||(r+=", "+p+" : "+O);(C=r.split(", ")).sort(),r=C.join(", "),I.push({t:d._utime,title:H.localeDate(d._utime),value:"Error "+d.error+" (IP "+d.ipAddr+")"+r})}delete s._loginHistory,I.sort(function(e,t){return t.t-e.t}),L.push({title:"__loginHistory__",nodes:I})}for(p in I=[],s)O=s[p],I.push({title:p,value:O});for(I.sort(function(e,t){return e.title>t.title?1:e.title<t.title?-1:0}),B=[],P=[],$=0,y=I.length;$<y;$++)(i=I[$]).title.match(new RegExp("^"+H.impPrefix+".+$"))?(console.log(i,"-> real attribute"),B.push(i)):P.push(i);return I=P.concat(B),L.push({title:"__attributesAndMacros__",nodes:I}),{_utime:E,nodes:L}};return H.currentScope=e,t=e.$modelValue.session,o.get(scriptname+"sessions/"+d+"/"+t).then(function(e){return H.currentSession=n(e.data),H.currentSession.id=t}),H.showT=!1},H.localeDate=function(e){return new Date(1e3*e).toLocaleString()},H.isValid=function(e,t){var n=r.path(),o=Date.now()/1e3;return console.log("Path",n),console.log("Session epoch",e),console.log("Current date",o),console.log("Session TTL",sessionTTL),e=o-e<sessionTTL||r.path().match(/^\/persistent/),"msg"===t?(console.log("Return msg"),e?"info":"warning"):"style"===t?(console.log("Return style"),e?{}:{color:"#627990","font-style":"italic"}):(console.log("Return isValid"),e)},H.strToLocaleDate=function(e){var t=e.match(/^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})$/);return t.length?new Date(t[1]+"-"+t[2]+"-"+t[3]+"T"+t[4]+":"+t[5]+":"+t[6]).toLocaleString():e},H.getLanguage=function(e){return H.lang=e,H.form="white",H.init(),H.showM=!1},n=function(e,t,n){t=t.match(/#!?\/(\w+)/);return d="global",null===t?H.type="_whatToTrace":t[1].match(/^(persistent|offline)$/)?(d=RegExp.$1,H.type="_session_uid"):H.type=t[1],H.init()},H.$on("$locationChangeSuccess",n),p=0,H.updateTree=function(i,s,l,u,e,t){var a,c,n;if(H.waiting=!0,c=f[H.type]||("_updateTime"===H.type?f._startTime:f._whatToTrace),a=c[l](H.type,i,e),25<t&&g[H.type]&&(n=g[H.type](H.type,i,l,u,e))?(u++,a=n,l-=1):u=0,o.get(scriptname+"sessions/"+d+"?"+a).then(function(e){var t,n,o,r,e=e.data;if(e.result){for(t=0,n=(r=e.values).length;t<n;t++)o=r[t],p++,o.id="node"+p,l<c.length-1&&(o.nodes=[],o.level=l+1,o.query=a,o.over=u,H.type.match(/^(?:start|update)Time$/)&&(o.title=o.value.replace(/^(\d{8})(\d{2})(\d{2})$/,"$2:$3").replace(/^(\d{8})(\d{2})(\d)$/,"$2:$30").replace(/^(\d{8})(\d{2})$/,"$2h").replace(/^(\d{4})(\d{2})(\d{2})/,"$1-$2-$3"))),s.push(o);""===i&&(H.total=e.total)}return H.waiting=!1},function(e){return H.waiting=!1}),console.log("Selection",d),H.navssoStyle={color:"#777"},H.offlineStyle={color:"#777"},H.persistentStyle={color:"#777"},"global"===d&&(H.navssoStyle={color:"#333"}),"offline"===d&&(H.offlineStyle={color:"#333"}),"persistent"===d)return H.persistentStyle={color:"#333"}},H.init=function(){return H.waiting=!0,H.data=[],H.currentScope=null,H.currentSession=null,e.all([t.init(H.lang),H.updateTree("",H.data,0,0)]).then(function(){return H.waiting=!1},function(e){return H.waiting=!1}),H.activeModule="sessions",H.myStyle={color:"#ffb84d"}},n=r.path().match(/^\/(\w+)/),H.type=n?n[1]:"_whatToTrace"}])}.call(this);
\ No newline at end of file
diff --git a/lemonldap-ng-manager/site/htdocs/static/js/sessions.min.js.map b/lemonldap-ng-manager/site/htdocs/static/js/sessions.min.js.map
index 2db6be23460f6f0ab7449956198def033ab18146..e8c14fa411a7a77f0f3849621a0b7ac4aa85ff24 100644
--- a/lemonldap-ng-manager/site/htdocs/static/js/sessions.min.js.map
+++ b/lemonldap-ng-manager/site/htdocs/static/js/sessions.min.js.map
@@ -1 +1 @@
-{"version":3,"sources":["sessions.js"],"names":["schemes","_whatToTrace","t","v","ipAddr","match","q","replace","_startTime","console","log","doubleIp","_session_uid","overScheme","level","over","length","categories","dateTitle","connectionTitle","authenticationTitle","modulesTitle","saml","groups","ldap","OpenIDConnect","sfaTitle","oidcConsents","menu","session","title","icon","home","angular","module","controller","$scope","$translator","$location","$q","$http","autoId","pathEvent","sessionType","links","menulinks","staticPrefix","scriptname","formPrefix","impPrefix","sessionTTL","availableLanguages","waiting","showM","showT","data","currentScope","currentSession","translateP","translate","translateTitle","node","translateField","menuClick","button","popup","window","open","action","currentNode","deleteOIDCConsent","rp","epoch","items","document","querySelectorAll","id","then","response","e","i","len","results","push","remove","resp","deleteSession","stoggle","scope","$modelValue","nodes","updateTree","value","query","count","toggle","displaySession","sessionId","transformSession","array","attr","attrs","category","cv","element","j","k","key","l","len1","len2","len3","len4","len5","m","name","o","oidcConsent","p","real","ref","ref1","res","sfDevice","spoof","subres","tab","tmp","_insert","re","reg","RegExp","time","_utime","split","localeDate","strToLocaleDate","toString","td","JSON","parse","_loginHistory","successLogin","sort","join","failedLogin","error","a","b","concat","get","s","Date","toLocaleString","isValid","type","path","now","color","font-style","arrayDate","getLanguage","lang","form","init","event","next","current","n","$1","$on","currentQuery","scheme","result","values","total","navssoStyle","offlineStyle","persistentStyle","all","activeModule","myStyle","c","call","this"],"mappings":"CAMA,WACE,IAIAA,EAAU,CACRC,aAAc,CACZ,SAASC,EAAGC,GACV,MAAO,kBAAoBD,EAAI,OAC9B,SAASA,EAAGC,GACb,OAAOD,EAAI,IAAMC,EAAI,aAAeD,GACnC,SAASA,EAAGC,GACb,OAAOD,EAAI,IAAMC,IAGrBC,OAAQ,CACN,SAASF,EAAGC,GACV,MAAO,eAAiBD,EAAI,UAC3B,SAASA,EAAGC,GAIb,OAHKA,EAAEE,MAAM,OACXF,GAAQ,KAEHD,EAAI,IAAMC,EAAI,iBAAmBD,EAAI,UAC3C,SAASA,EAAGC,GAIb,OAHKA,EAAEE,MAAM,OACXF,GAAQ,KAEHD,EAAI,IAAMC,EAAI,iBAAmBD,EAAI,UAC3C,SAASA,EAAGC,GAIb,OAHKA,EAAEE,MAAM,OACXF,GAAQ,KAEHD,EAAI,IAAMC,EAAI,iBAAmBD,EAAI,WAC3C,SAASA,EAAGC,GACb,OAAOD,EAAI,IAAMC,EAAI,yBACpB,SAASD,EAAGC,EAAGG,GAChB,OAAOA,EAAEC,QAAQ,eAAgB,IAAO,iBAAmBJ,IAG/DK,WAAY,CACV,SAASN,EAAGC,GACV,MAAO,kBAAoBD,EAAI,OAC9B,SAASA,EAAGC,GACb,OAAOD,EAAI,IAAMC,EAAI,oBAAsBD,EAAI,QAC9C,SAASA,EAAGC,GACb,OAAOD,EAAI,IAAMC,EAAI,oBAAsBD,EAAI,QAC9C,SAASA,EAAGC,GACb,OAAOD,EAAI,IAAMC,EAAI,oBAAsBD,EAAI,QAC9C,SAASA,EAAGC,GACb,OAAOD,EAAI,IAAMC,EAAI,0BACpB,SAASD,EAAGC,EAAGG,GAIhB,OAHAG,QAAQC,IAAIR,GACZO,QAAQC,IAAIP,GACZM,QAAQC,IAAIJ,GACLA,EAAEC,QAAQ,eAAgB,IAAO,iBAAmBJ,IAG/DQ,SAAU,CACR,SAAST,EAAGC,GACV,OAAOD,GACN,SAASA,EAAGC,GACb,MAAO,gBAAkBA,EAAI,mBAC5B,SAASD,EAAGC,EAAGG,GAChB,OAAOA,EAAEC,QAAQ,eAAgB,IAAO,WAAaJ,IAGzDS,aAAc,CACZ,SAASV,EAAGC,GACV,MAAO,kBAAoBD,EAAI,OAC9B,SAASA,EAAGC,GACb,OAAOD,EAAI,IAAMC,EAAI,aAAeD,GACnC,SAASA,EAAGC,GACb,OAAOD,EAAI,IAAMC,KAKvBU,EAAa,CACXZ,aAAc,SAASC,EAAGC,EAAGW,EAAOC,GAElC,OADAN,QAAQC,IAAI,sBAAuBI,EAAO,OAAQC,GACpC,IAAVD,GAAeX,EAAEa,OAASD,EACrBb,EAAI,IAAMC,EAAI,oBAAsBD,EAAI,KAAOY,EAAQC,EAAO,GAAK,IAEnE,MAGXX,OAAQ,SAASF,EAAGC,EAAGW,EAAOC,GAE5B,OADAN,QAAQC,IAAI,sBAAuBI,EAAO,OAAQC,GACtC,EAARD,GAAaA,EAAQ,IAAMX,EAAEE,MAAM,aAAeU,EAAO,EACpDb,EAAI,IAAMC,EAAI,iBAAmBD,EAAI,KAAO,GAAKY,EAAQ,GAAKC,EAAO,IAAM,KAAO,EAAID,EAAQC,GAAQ,IAEtG,MAGXP,WAAY,SAASN,EAAGC,EAAGW,EAAOC,GAEhC,OADAN,QAAQC,IAAI,sBAAuBI,EAAO,OAAQC,GACtC,EAARD,EACKZ,EAAI,IAAMC,EAAI,oBAAsBD,EAAI,KAAO,GAAKY,EAAQC,GAAQ,IAEpE,MAGXH,aAAc,SAASV,EAAGC,EAAGW,EAAOC,GAElC,OADAN,QAAQC,IAAI,sBAAuBI,EAAO,OAAQC,GACpC,IAAVD,GAAeX,EAAEa,OAASD,EACrBb,EAAI,IAAMC,EAAI,oBAAsBD,EAAI,KAAOY,EAAQC,EAAO,GAAK,IAEnE,OAObE,EAAa,CACXC,UAAW,CAAC,SAAU,aAAc,cAAe,kBAAmB,aACtEC,gBAAiB,CAAC,SAAU,YAAa,QACzCC,oBAAqB,CAAC,cAAe,QAAS,YAAa,uBAC3DC,aAAc,CAAC,QAAS,UAAW,cAAe,YAAa,cAAe,aAAc,eAAgB,OAC5GC,KAAM,CAAC,OAAQ,cAAe,aAAc,oBAAqB,sBACjEC,OAAQ,CAAC,SAAU,WACnBC,KAAM,CAAC,MACPC,cAAe,CAAC,iBAAkB,WAAY,sBAC9CC,SAAU,CAAC,cACXC,aAAc,CAAC,kBAGjBC,EAAO,CACLC,QAAS,CACP,CACEC,MAAO,gBACPC,KAAM,UAGVC,KAAM,IAQAC,QAAQC,OAAO,uBAAwB,CAAC,UAAW,eAAgB,UAErEC,WAAW,uBAAwB,CACvC,SAAU,cAAe,YAAa,KAAM,QAAS,SAASC,EAAQC,EAAaC,EAAWC,EAAIC,GAChG,IAAIC,EAAWC,EAAWC,EAid1B,OAhdAP,EAAOQ,MAAQA,MACfR,EAAOS,UAAYA,UACnBT,EAAOU,aAAeA,aACtBV,EAAOW,WAAaA,WACpBX,EAAOY,WAAaA,WACpBZ,EAAOa,UAAYA,UACnBb,EAAOc,WAAaA,WACpBd,EAAOe,mBAAqBA,mBAC5Bf,EAAOgB,SAAU,EACjBhB,EAAOiB,OAAQ,EACfjB,EAAOkB,OAAQ,EACflB,EAAOmB,KAAO,GACdnB,EAAOoB,aAAe,KACtBpB,EAAOqB,eAAiB,KACxBrB,EAAOR,KAAOA,EACdQ,EAAOsB,WAAarB,EAAYqB,WAChCtB,EAAOuB,UAAYtB,EAAYsB,UAC/BvB,EAAOwB,eAAiB,SAASC,GAC/B,OAAOxB,EAAYyB,eAAeD,EAAM,UAE1ClB,EAAc,SACdP,EAAO2B,UAAY,SAASC,GAC1B,GAAIA,EAAOC,MACTC,OAAOC,KAAKH,EAAOC,YAKnB,OAHKD,EAAOI,SACVJ,EAAOI,OAASJ,EAAOlC,cAEVkC,EAAOI,QACpB,IAAK,WACHJ,EAAOI,OAAOhC,EAAOiC,YAAajC,GAClC,MACF,IAAK,SACHA,EAAO4B,EAAOI,UACd,MACF,QACE3D,QAAQC,WAAWsD,EAAOI,QAGhC,OAAOhC,EAAOiB,OAAQ,GAExBjB,EAAOkC,kBAAoB,SAASC,EAAIC,GACtC,IACAC,EAAQC,SAASC,iBAAiB,SAAWH,GAc7C,OAbApC,EAAOgB,SAAU,EACjBZ,EAAc,OAAEO,WAAa,wBAA0BJ,EAAc,IAAMP,EAAOqB,eAAemB,GAAK,OAASL,EAAK,UAAYC,GAAOK,KAAK,SAASC,GACnJ,IAAIC,EAAGC,EAAGC,EAAKC,EAGf,IAFA9C,EAAOgB,SAAU,EACjB8B,EAAU,GACLF,EAAI,EAAGC,EAAMR,EAAMzD,OAAQgE,EAAIC,EAAKD,IACvCD,EAAIN,EAAMO,GACVE,EAAQC,KAAKJ,EAAEK,UAEjB,OAAOF,GACN,SAASG,GACV,OAAOjD,EAAOgB,SAAU,IAEnBhB,EAAOkB,OAAQ,GAExBlB,EAAOkD,cAAgB,WAErB,OADAlD,EAAOgB,SAAU,EACVZ,EAAc,OAAEO,WAAa,YAAcJ,EAAc,IAAMP,EAAOqB,eAAemB,IAAIC,KAAK,SAASC,GAG5G,OAFA1C,EAAOqB,eAAiB,KACxBrB,EAAOoB,aAAa4B,SACbhD,EAAOgB,SAAU,GACvB,SAASiC,GACV,OAAOjD,EAAOgB,SAAU,KAG5BhB,EAAOmD,QAAU,SAASC,GACxB,IACA3B,EAAO2B,EAAMC,YAIb,OAH0B,IAAtB5B,EAAK6B,MAAM1E,QACboB,EAAOuD,WAAW9B,EAAK+B,MAAO/B,EAAK6B,MAAO7B,EAAK/C,MAAO+C,EAAK9C,KAAM8C,EAAKgC,MAAOhC,EAAKiC,OAE7EN,EAAMO,UAEf3D,EAAO4D,eAAiB,SAASR,GAC/B,IAAIS,EACJC,EAAmB,SAASrE,GAC1B,IAAasE,EAAOC,EAAMC,EAAOC,EAAUC,EAAIC,EAAShC,EAAOQ,EAAGyB,EAAGC,EAAGC,EAAKC,EAAG3B,EAAK4B,EAAMC,EAAMC,EAAMC,EAAMC,EAAMC,EAAGC,EAAMC,EAAGC,EAAaC,EAAGC,EAAMC,EAAKC,EAAMC,EAAKC,EAAUC,EAAOC,EAAQC,EAAWhG,EAAOiG,EAAKnC,EACrNoC,EAAU,SAASC,EAAInG,GACrB,IAAI6E,EAAef,EACnBmC,EAAM,GACNG,EAAM,IAAIC,OAAOF,GACjB,IAAKtB,KAAO9E,EACV+D,EAAQ/D,EAAQ8E,GACZA,EAAItG,MAAM6H,IAAQtC,IACpBmC,EAAI5C,KAAK,CACPrD,MAAO6E,EACPf,MAAOA,WAEF/D,EAAQ8E,IAGnB,GAAiB,EAAboB,EAAI/G,OACN,OAAO0G,EAAIvC,KAAK,CACdrD,MAAOA,EACP4D,MAAOqC,KAIbK,EAAOvG,EAAQwG,OACf,IAAK1B,KAAO9E,GACV+D,EAAQ/D,EAAQ8E,KAIS,iBAAZ9E,GAAwB+D,EAAMvF,MAAM,QAC7CwB,EAAQ8E,GAAOf,EAAM0C,MAAM,OAED,iBAAjBzG,EAAQ8E,KAlJZ,YAmJgBtG,MAAM,IAAI8H,OAAO,KAAOxB,EAAM,OACjD9E,EAAQ8E,GAAO,WACNA,EAAItG,MAAM,qDACnBwB,EAAQ8E,GAAOvE,EAAOmG,WAAW3C,GACxBe,EAAItG,MAAM,gCACnBwB,EAAQ8E,GAAOvE,EAAOoG,gBAAgB5C,aAXnC/D,EAAQ8E,GAiBnB,IAAKL,KADLoB,EAAM,GACWzG,EAAY,CAG3B,IADA4G,EAAS,GACJ7C,EAAI,EAAGC,GAFZoB,EAAQpF,EAAWqF,IAEKtF,OAAQgE,EAAIC,EAAKD,IAEvC,GADAoB,EAAOC,EAAMrB,GACTnD,EAAQuE,GACV,GAAIvE,EAAQuE,GAAMqC,WAAWpI,MAAM,yCAA0C,CAQ3E,IAPAwH,EAAO1C,KAAK,CACVrD,MAAO,OACP8D,MAAO,OACPpB,MAAO,OACPkE,GAAI,MAGDjC,EAAI,EAAGI,GADZV,EAAQwC,KAAKC,MAAM/G,EAAQuE,KACFpF,OAAQyF,EAAII,EAAMJ,IAAK,CAE9C,IAAKE,KADLgB,EAAWxB,EAAMM,GAEfb,EAAQ+B,EAAShB,GACL,SAARA,IACF7E,EAAQ8D,GAEE,SAARe,IACFQ,EAAOvB,GAEG,UAARe,IACFnC,EAAQoB,GAGZiC,EAAO1C,KAAK,CACVrD,MAAOA,EACP8D,MAAOuB,EACP3C,MAAOA,EACPkE,GAAI,aAGD7G,EAAQuE,QACV,GAAIvE,EAAQuE,GAAMqC,WAAWpI,MAAM,oBAAqB,CAQ7D,IAPAwH,EAAO1C,KAAK,CACVrD,MAAO,KACP8D,MAAO,QACPpB,MAAO,OACPkE,GAAI,MAGDhC,EAAI,EAAGI,GADZX,EAAQwC,KAAKC,MAAM/G,EAAQuE,KACFpF,OAAQ0F,EAAII,EAAMJ,IAAK,CAE9C,IAAKC,KADLU,EAAclB,EAAMO,GAElBd,EAAQyB,EAAYV,GACR,OAARA,IACF7E,EAAQ8D,GAEE,UAARe,IACFQ,EAAOvB,GAEG,UAARe,IACFnC,EAAQoB,GAGZiC,EAAO1C,KAAK,CACVrD,MAAOA,EACP8D,MAAOuB,EACP3C,MAAOA,EACPkE,GAAI,aAGD7G,EAAQuE,QACNvE,EAAQuE,GAAMqC,WAAWpI,MAAM,QACxCwH,EAAO1C,KAAK,CACVrD,MAAOsE,EACPR,MAAO/D,EAAQuE,GACf5B,MAAO,YAEF3C,EAAQuE,eAKVvE,EAAQuE,GAGC,EAAhByB,EAAO7G,QACT0G,EAAIvC,KAAK,CACPrD,MAAO,KAAOwE,EAAW,KACzBZ,MAAOmC,IAMb,GAFAG,EAAQ,UAAW,UACnBA,EAAQ,qBAAsB,yBAC1BnG,EAAQgH,cAAe,CAEzB,GADAd,EAAM,GACFlG,EAAQgH,cAAcC,aAExB,IAAK5B,EAAI,EAAGH,GADZS,EAAM3F,EAAQgH,cAAcC,cACL9H,OAAQkG,EAAIH,EAAMG,IAAK,CAG5C,IAAKP,KADLJ,EAAK,GADLK,EAAIY,EAAIN,GAGNtB,EAAQgB,EAAED,GACLA,EAAItG,MAAM,6BACbkG,GAAM,KAAOI,EAAM,MAAQf,IAG/BkC,EAAMvB,EAAG+B,MAAM,OACXS,OACJxC,EAAKuB,EAAIkB,KAAK,MACdjB,EAAI5C,KAAK,CACPjF,EAAG0G,EAAEyB,OACLvG,MAAOM,EAAOmG,WAAW3B,EAAEyB,QAC3BzC,MAAQ,eAAiBgB,EAAExG,OAAS,IAAOmG,IAIjD,GAAI1E,EAAQgH,cAAcI,YAExB,IAAK7B,EAAI,EAAGJ,GADZS,EAAO5F,EAAQgH,cAAcI,aACLjI,OAAQoG,EAAIJ,EAAMI,IAAK,CAG7C,IAAKT,KADLJ,EAAK,GADLK,EAAIa,EAAKL,GAGPxB,EAAQgB,EAAED,GACLA,EAAItG,MAAM,6BACbkG,GAAM,KAAOI,EAAM,MAAQf,IAG/BkC,EAAMvB,EAAG+B,MAAM,OACXS,OACJxC,EAAKuB,EAAIkB,KAAK,MACdjB,EAAI5C,KAAK,CACPjF,EAAG0G,EAAEyB,OACLvG,MAAOM,EAAOmG,WAAW3B,EAAEyB,QAC3BzC,MAAQ,SAAWgB,EAAEsC,MAAQ,QAAUtC,EAAExG,OAAS,IAAOmG,WAIxD1E,EAAQgH,cACfd,EAAIgB,KAAK,SAASI,EAAGC,GACnB,OAAOA,EAAElJ,EAAIiJ,EAAEjJ,IAEjBwH,EAAIvC,KAAK,CACPrD,MAAO,mBACP4D,MAAOqC,IAIX,IAAKpB,KADLoB,EAAM,GACMlG,EACV+D,EAAQ/D,EAAQ8E,GAChBoB,EAAI5C,KAAK,CACPrD,MAAO6E,EACPf,MAAOA,IAcX,IAXAmC,EAAIgB,KAAK,SAASI,EAAGC,GACnB,OAAID,EAAErH,MAAQsH,EAAEtH,MACP,EACEqH,EAAErH,MAAQsH,EAAEtH,OACb,EAED,IAGXyF,EAAO,GACPK,EAAQ,GACHN,EAAI,EAAGL,EAAOc,EAAI/G,OAAQsG,EAAIL,EAAMK,KACvCd,EAAUuB,EAAIT,IACFxF,MAAMzB,MAAM,IAAI8H,OAAO,IAAM/F,EAAOa,UAAY,SAC1DxC,QAAQC,IAAI8F,EAAS,qBACrBe,EAAKpC,KAAKqB,IAEVoB,EAAMzC,KAAKqB,GAQf,OALAuB,EAAMH,EAAMyB,OAAO9B,GACnBG,EAAIvC,KAAK,CACPrD,MAAO,0BACP4D,MAAOqC,IAEF,CACLM,OAAQD,EACR1C,MAAOgC,IASX,OANAtF,EAAOoB,aAAegC,EACtBS,EAAYT,EAAMC,YAAY5D,QAC9BW,EAAM8G,IAAIvG,WAAa,YAAcJ,EAAc,IAAMsD,GAAWpB,KAAK,SAASC,GAEhF,OADA1C,EAAOqB,eAAiByC,EAAiBpB,EAASvB,MAC3CnB,EAAOqB,eAAemB,GAAKqB,IAE7B7D,EAAOkB,OAAQ,GAExBlB,EAAOmG,WAAa,SAASgB,GAG3B,OADI,IAAIC,KAAS,IAAJD,GACJE,kBAEXrH,EAAOsH,QAAU,SAASlF,EAAOmF,GAC/B,IACAC,EAAOtH,EAAUsH,OACjBC,EAAML,KAAKK,MAAQ,IAMnB,OALApJ,QAAQC,IAAI,OAAQkJ,GACpBnJ,QAAQC,IAAI,gBAAiB8D,GAC7B/D,QAAQC,IAAI,eAAgBmJ,GAC5BpJ,QAAQC,IAAI,cAAewC,YAC3BwG,EAAUG,EAAMrF,EAAQtB,YAAcZ,EAAUsH,OAAOvJ,MAAM,iBAChD,QAATsJ,GACFlJ,QAAQC,IAAI,cACRgJ,EACK,OAEA,WAES,UAATC,GACTlJ,QAAQC,IAAI,gBACRgJ,EACK,GAEA,CACLI,MAAS,UACTC,aAAc,YAIlBtJ,QAAQC,IAAI,kBACLgJ,IAGXtH,EAAOoG,gBAAkB,SAASe,GAChC,IACAS,EAAYT,EAAElJ,MAAM,gDACpB,OAAK2J,EAAUhJ,OAGX,IAAIwI,KAAKQ,EAAU,GAAK,IAAMA,EAAU,GAAK,IAAMA,EAAU,GAAK,IAAMA,EAAU,GAAK,IAAMA,EAAU,GAAK,IAAMA,EAAU,IACvHP,iBAHAF,GAKXnH,EAAO6H,YAAc,SAASC,GAI5B,OAHA9H,EAAO8H,KAAOA,EACd9H,EAAO+H,KAAO,QACd/H,EAAOgI,OACAhI,EAAOiB,OAAQ,GAExBX,EAAY,SAAS2H,EAAOC,EAAMC,GAEhCC,EAAIF,EAAKjK,MAAM,cAUf,OATAsC,EAAc,SACJ,OAAN6H,EACFpI,EAAOuH,KAAO,eACLa,EAAE,GAAGnK,MAAM,2BACpBsC,EAAcwF,OAAOsC,GACrBrI,EAAOuH,KAAO,gBAEdvH,EAAOuH,KAAOa,EAAE,GAEXpI,EAAOgI,QAEhBhI,EAAOsI,IAAI,yBAA0BhI,GACrCD,EAAS,EACTL,EAAOuD,WAAa,SAASC,EAAO/B,EAAM/C,EAAOC,EAAM4J,EAAc7E,GACnE,IAAID,EAAO+E,EAAQ7C,EA+DnB,GA9DA3F,EAAOgB,SAAU,EACjBwH,EAAS5K,EAAQoC,EAAOuH,QAA+C,gBAAhBvH,EAAOuH,KAAyB3J,EAAQQ,WAAaR,EAAQC,cACpH4F,EAAQ+E,EAAO9J,GAAOsB,EAAOuH,KAAM/D,EAAO+E,GA9gB1C,GA+gBI7E,GAAejF,EAAWuB,EAAOuH,QAC/B5B,EAAMlH,EAAWuB,EAAOuH,MAAMvH,EAAOuH,KAAM/D,EAAO9E,EAAOC,EAAM4J,KACjE5J,IACA8E,EAAQkC,EACRjH,GAAgB,GAKlBC,EAAO,EAETyB,EAAM8G,IAAIvG,WAAa,YAAcJ,EAAc,IAAMkD,GAAOhB,KAAK,SAASC,GAC5E,IAAUE,EAAGC,EAAKuF,EAAGhD,EACrBjE,EAAOuB,EAASvB,KAChB,GAAIA,EAAKsH,OAAQ,CAEf,IAAK7F,EAAI,EAAGC,GADZuC,EAAMjE,EAAKuH,QACW9J,OAAQgE,EAAIC,EAAKD,IACrCwF,EAAIhD,EAAIxC,GACRvC,IACA+H,EAAE5F,GAAK,OAASnC,EACZ3B,EAAQ8J,EAAO5J,OAAS,IAC1BwJ,EAAE9E,MAAQ,GACV8E,EAAE1J,MAAQA,EAAQ,EAClB0J,EAAE3E,MAAQA,EACV2E,EAAEzJ,KAAOA,EACLqB,EAAOuH,KAAKtJ,MAAM,4BACpBmK,EAAE1I,MAAQ0I,EAAE5E,MAAMrF,QAAQ,0BAA2B,SAASA,QAAQ,uBAAwB,UAAUA,QAAQ,mBAAoB,OAAOA,QAAQ,yBAA0B,cAGjLsD,EAAKsB,KAAKqF,GAEE,KAAV5E,IACFxD,EAAO2I,MAAQxH,EAAKwH,OAGxB,OAAO3I,EAAOgB,SAAU,GACvB,SAASiC,GACV,OAAOjD,EAAOgB,SAAU,IAE1B3C,QAAQC,IAAI,YAAaiC,GACzBP,EAAO4I,YAAc,CACnBlB,MAAO,QAET1H,EAAO6I,aAAe,CACpBnB,MAAO,QAET1H,EAAO8I,gBAAkB,CACvBpB,MAAO,QAEW,WAAhBnH,IACFP,EAAO4I,YAAc,CACnBlB,MAAO,SAGS,YAAhBnH,IACFP,EAAO6I,aAAe,CACpBnB,MAAO,SAGS,eAAhBnH,EACF,OAAOP,EAAO8I,gBAAkB,CAC9BpB,MAAO,SAIb1H,EAAOgI,KAAO,WAWZ,OAVAhI,EAAOgB,SAAU,EACjBhB,EAAOmB,KAAO,GACdnB,EAAOoB,aAAe,KACtBpB,EAAOqB,eAAiB,KACxBlB,EAAG4I,IAAI,CAAC9I,EAAY+H,KAAKhI,EAAO8H,MAAO9H,EAAOuD,WAAW,GAAIvD,EAAOmB,KAAM,EAAG,KAAKsB,KAAK,WACrF,OAAOzC,EAAOgB,SAAU,GACvB,SAASiC,GACV,OAAOjD,EAAOgB,SAAU,IAE1BhB,EAAOgJ,aAAe,WACfhJ,EAAOiJ,QAAU,CACtBvB,MAAO,YAGXwB,EAAIhJ,EAAUsH,OAAOvJ,MAAM,YACpB+B,EAAOuH,KAAO2B,EAAIA,EAAE,GAAK,mBAInCC,KAAKC"}
\ No newline at end of file
+{"version":3,"sources":["sessions.js"],"names":["schemes","_whatToTrace","t","v","ipAddr","match","q","replace","_startTime","console","log","doubleIp","_session_uid","overScheme","level","over","length","categories","dateTitle","connectionTitle","authenticationTitle","modulesTitle","saml","groups","ldap","OpenIDConnect","sfaTitle","oidcConsents","menu","session","title","icon","home","angular","module","controller","$scope","$translator","$location","$q","$http","autoId","pathEvent","sessionType","links","menulinks","staticPrefix","scriptname","formPrefix","impPrefix","sessionTTL","availableLanguages","waiting","showM","showT","data","currentScope","currentSession","translateP","translate","translateTitle","node","translateField","menuClick","button","popup","window","open","action","currentNode","deleteOIDCConsent","rp","epoch","items","document","querySelectorAll","id","then","response","e","i","len","results","push","remove","resp","deleteSession","stoggle","scope","$modelValue","nodes","updateTree","value","query","count","toggle","displaySession","sessionId","transformSession","array","attr","attrs","category","cv","element","j","k","key","l","len1","len2","len3","len4","len5","m","name","o","oidcConsent","p","real","ref","ref1","res","sfDevice","spoof","subres","tab","tmp","_insert","re","reg","RegExp","time","_utime","split","localeDate","strToLocaleDate","toString","td","JSON","parse","_loginHistory","successLogin","sort","join","failedLogin","error","a","b","concat","get","s","Date","toLocaleString","isValid","type","path","now","color","font-style","arrayDate","getLanguage","lang","form","init","event","next","current","n","$1","$on","currentQuery","scheme","result","values","total","navssoStyle","offlineStyle","persistentStyle","all","activeModule","myStyle","c","call","this"],"mappings":"CAMA,WACE,IAIAA,EAAU,CACRC,aAAc,CACZ,SAASC,EAAGC,GACV,MAAO,kBAAoBD,EAAI,OAC9B,SAASA,EAAGC,GACb,OAAOD,EAAI,IAAMC,EAAI,aAAeD,GACnC,SAASA,EAAGC,GACb,OAAOD,EAAI,IAAMC,IAGrBC,OAAQ,CACN,SAASF,EAAGC,GACV,MAAO,eAAiBD,EAAI,UAC3B,SAASA,EAAGC,GAIb,OAHKA,EAAEE,MAAM,OACXF,GAAQ,KAEHD,EAAI,IAAMC,EAAI,iBAAmBD,EAAI,UAC3C,SAASA,EAAGC,GAIb,OAHKA,EAAEE,MAAM,OACXF,GAAQ,KAEHD,EAAI,IAAMC,EAAI,iBAAmBD,EAAI,UAC3C,SAASA,EAAGC,GAIb,OAHKA,EAAEE,MAAM,OACXF,GAAQ,KAEHD,EAAI,IAAMC,EAAI,iBAAmBD,EAAI,WAC3C,SAASA,EAAGC,GACb,OAAOD,EAAI,IAAMC,EAAI,yBACpB,SAASD,EAAGC,EAAGG,GAChB,OAAOA,EAAEC,QAAQ,eAAgB,IAAO,iBAAmBJ,IAG/DK,WAAY,CACV,SAASN,EAAGC,GACV,MAAO,kBAAoBD,EAAI,OAC9B,SAASA,EAAGC,GACb,OAAOD,EAAI,IAAMC,EAAI,oBAAsBD,EAAI,QAC9C,SAASA,EAAGC,GACb,OAAOD,EAAI,IAAMC,EAAI,oBAAsBD,EAAI,QAC9C,SAASA,EAAGC,GACb,OAAOD,EAAI,IAAMC,EAAI,oBAAsBD,EAAI,QAC9C,SAASA,EAAGC,GACb,OAAOD,EAAI,IAAMC,EAAI,0BACpB,SAASD,EAAGC,EAAGG,GAIhB,OAHAG,QAAQC,IAAIR,GACZO,QAAQC,IAAIP,GACZM,QAAQC,IAAIJ,GACLA,EAAEC,QAAQ,eAAgB,IAAO,iBAAmBJ,IAG/DQ,SAAU,CACR,SAAST,EAAGC,GACV,OAAOD,GACN,SAASA,EAAGC,GACb,MAAO,gBAAkBA,EAAI,mBAC5B,SAASD,EAAGC,EAAGG,GAChB,OAAOA,EAAEC,QAAQ,eAAgB,IAAO,WAAaJ,IAGzDS,aAAc,CACZ,SAASV,EAAGC,GACV,MAAO,kBAAoBD,EAAI,OAC9B,SAASA,EAAGC,GACb,OAAOD,EAAI,IAAMC,EAAI,aAAeD,GACnC,SAASA,EAAGC,GACb,OAAOD,EAAI,IAAMC,KAKvBU,EAAa,CACXZ,aAAc,SAASC,EAAGC,EAAGW,EAAOC,GAElC,OADAN,QAAQC,IAAI,sBAAuBI,EAAO,OAAQC,GACpC,IAAVD,GAAeX,EAAEa,OAASD,EACrBb,EAAI,IAAMC,EAAI,oBAAsBD,EAAI,KAAOY,EAAQC,EAAO,GAAK,IAEnE,MAGXX,OAAQ,SAASF,EAAGC,EAAGW,EAAOC,GAE5B,OADAN,QAAQC,IAAI,sBAAuBI,EAAO,OAAQC,GACtC,EAARD,GAAaA,EAAQ,IAAMX,EAAEE,MAAM,aAAeU,EAAO,EACpDb,EAAI,IAAMC,EAAI,iBAAmBD,EAAI,KAAO,GAAKY,EAAQ,GAAKC,EAAO,IAAM,KAAO,EAAID,EAAQC,GAAQ,IAEtG,MAGXP,WAAY,SAASN,EAAGC,EAAGW,EAAOC,GAEhC,OADAN,QAAQC,IAAI,sBAAuBI,EAAO,OAAQC,GACtC,EAARD,EACKZ,EAAI,IAAMC,EAAI,oBAAsBD,EAAI,KAAO,GAAKY,EAAQC,GAAQ,IAEpE,MAGXH,aAAc,SAASV,EAAGC,EAAGW,EAAOC,GAElC,OADAN,QAAQC,IAAI,sBAAuBI,EAAO,OAAQC,GACpC,IAAVD,GAAeX,EAAEa,OAASD,EACrBb,EAAI,IAAMC,EAAI,oBAAsBD,EAAI,KAAOY,EAAQC,EAAO,GAAK,IAEnE,OAObE,EAAa,CACXC,UAAW,CAAC,SAAU,aAAc,cAAe,kBAAmB,aACtEC,gBAAiB,CAAC,SAAU,YAAa,QACzCC,oBAAqB,CAAC,cAAe,QAAS,YAAa,uBAC3DC,aAAc,CAAC,QAAS,UAAW,cAAe,YAAa,cAAe,aAAc,eAAgB,OAC5GC,KAAM,CAAC,OAAQ,cAAe,aAAc,oBAAqB,sBACjEC,OAAQ,CAAC,SAAU,WACnBC,KAAM,CAAC,MACPC,cAAe,CAAC,iBAAkB,WAAY,qBAAsB,sBAAuB,0BAC3FC,SAAU,CAAC,cACXC,aAAc,CAAC,kBAGjBC,EAAO,CACLC,QAAS,CACP,CACEC,MAAO,gBACPC,KAAM,UAGVC,KAAM,IAQAC,QAAQC,OAAO,uBAAwB,CAAC,UAAW,eAAgB,UAErEC,WAAW,uBAAwB,CACvC,SAAU,cAAe,YAAa,KAAM,QAAS,SAASC,EAAQC,EAAaC,EAAWC,EAAIC,GAChG,IAAIC,EAAWC,EAAWC,EAid1B,OAhdAP,EAAOQ,MAAQA,MACfR,EAAOS,UAAYA,UACnBT,EAAOU,aAAeA,aACtBV,EAAOW,WAAaA,WACpBX,EAAOY,WAAaA,WACpBZ,EAAOa,UAAYA,UACnBb,EAAOc,WAAaA,WACpBd,EAAOe,mBAAqBA,mBAC5Bf,EAAOgB,SAAU,EACjBhB,EAAOiB,OAAQ,EACfjB,EAAOkB,OAAQ,EACflB,EAAOmB,KAAO,GACdnB,EAAOoB,aAAe,KACtBpB,EAAOqB,eAAiB,KACxBrB,EAAOR,KAAOA,EACdQ,EAAOsB,WAAarB,EAAYqB,WAChCtB,EAAOuB,UAAYtB,EAAYsB,UAC/BvB,EAAOwB,eAAiB,SAASC,GAC/B,OAAOxB,EAAYyB,eAAeD,EAAM,UAE1ClB,EAAc,SACdP,EAAO2B,UAAY,SAASC,GAC1B,GAAIA,EAAOC,MACTC,OAAOC,KAAKH,EAAOC,YAKnB,OAHKD,EAAOI,SACVJ,EAAOI,OAASJ,EAAOlC,cAEVkC,EAAOI,QACpB,IAAK,WACHJ,EAAOI,OAAOhC,EAAOiC,YAAajC,GAClC,MACF,IAAK,SACHA,EAAO4B,EAAOI,UACd,MACF,QACE3D,QAAQC,WAAWsD,EAAOI,QAGhC,OAAOhC,EAAOiB,OAAQ,GAExBjB,EAAOkC,kBAAoB,SAASC,EAAIC,GACtC,IACAC,EAAQC,SAASC,iBAAiB,SAAWH,GAc7C,OAbApC,EAAOgB,SAAU,EACjBZ,EAAc,OAAEO,WAAa,wBAA0BJ,EAAc,IAAMP,EAAOqB,eAAemB,GAAK,OAASL,EAAK,UAAYC,GAAOK,KAAK,SAASC,GACnJ,IAAIC,EAAGC,EAAGC,EAAKC,EAGf,IAFA9C,EAAOgB,SAAU,EACjB8B,EAAU,GACLF,EAAI,EAAGC,EAAMR,EAAMzD,OAAQgE,EAAIC,EAAKD,IACvCD,EAAIN,EAAMO,GACVE,EAAQC,KAAKJ,EAAEK,UAEjB,OAAOF,GACN,SAASG,GACV,OAAOjD,EAAOgB,SAAU,IAEnBhB,EAAOkB,OAAQ,GAExBlB,EAAOkD,cAAgB,WAErB,OADAlD,EAAOgB,SAAU,EACVZ,EAAc,OAAEO,WAAa,YAAcJ,EAAc,IAAMP,EAAOqB,eAAemB,IAAIC,KAAK,SAASC,GAG5G,OAFA1C,EAAOqB,eAAiB,KACxBrB,EAAOoB,aAAa4B,SACbhD,EAAOgB,SAAU,GACvB,SAASiC,GACV,OAAOjD,EAAOgB,SAAU,KAG5BhB,EAAOmD,QAAU,SAASC,GACxB,IACA3B,EAAO2B,EAAMC,YAIb,OAH0B,IAAtB5B,EAAK6B,MAAM1E,QACboB,EAAOuD,WAAW9B,EAAK+B,MAAO/B,EAAK6B,MAAO7B,EAAK/C,MAAO+C,EAAK9C,KAAM8C,EAAKgC,MAAOhC,EAAKiC,OAE7EN,EAAMO,UAEf3D,EAAO4D,eAAiB,SAASR,GAC/B,IAAIS,EACJC,EAAmB,SAASrE,GAC1B,IAAasE,EAAOC,EAAMC,EAAOC,EAAUC,EAAIC,EAAShC,EAAOQ,EAAGyB,EAAGC,EAAGC,EAAKC,EAAG3B,EAAK4B,EAAMC,EAAMC,EAAMC,EAAMC,EAAMC,EAAGC,EAAMC,EAAGC,EAAaC,EAAGC,EAAMC,EAAKC,EAAMC,EAAKC,EAAUC,EAAOC,EAAQC,EAAWhG,EAAOiG,EAAKnC,EACrNoC,EAAU,SAASC,EAAInG,GACrB,IAAI6E,EAAef,EACnBmC,EAAM,GACNG,EAAM,IAAIC,OAAOF,GACjB,IAAKtB,KAAO9E,EACV+D,EAAQ/D,EAAQ8E,GACZA,EAAItG,MAAM6H,IAAQtC,IACpBmC,EAAI5C,KAAK,CACPrD,MAAO6E,EACPf,MAAOA,WAEF/D,EAAQ8E,IAGnB,GAAiB,EAAboB,EAAI/G,OACN,OAAO0G,EAAIvC,KAAK,CACdrD,MAAOA,EACP4D,MAAOqC,KAIbK,EAAOvG,EAAQwG,OACf,IAAK1B,KAAO9E,GACV+D,EAAQ/D,EAAQ8E,KAIS,iBAAZ9E,GAAwB+D,EAAMvF,MAAM,QAC7CwB,EAAQ8E,GAAOf,EAAM0C,MAAM,OAED,iBAAjBzG,EAAQ8E,KAlJZ,YAmJgBtG,MAAM,IAAI8H,OAAO,KAAOxB,EAAM,OACjD9E,EAAQ8E,GAAO,WACNA,EAAItG,MAAM,qDACnBwB,EAAQ8E,GAAOvE,EAAOmG,WAAW3C,GACxBe,EAAItG,MAAM,gCACnBwB,EAAQ8E,GAAOvE,EAAOoG,gBAAgB5C,aAXnC/D,EAAQ8E,GAiBnB,IAAKL,KADLoB,EAAM,GACWzG,EAAY,CAG3B,IADA4G,EAAS,GACJ7C,EAAI,EAAGC,GAFZoB,EAAQpF,EAAWqF,IAEKtF,OAAQgE,EAAIC,EAAKD,IAEvC,GADAoB,EAAOC,EAAMrB,GACTnD,EAAQuE,GACV,GAAIvE,EAAQuE,GAAMqC,WAAWpI,MAAM,yCAA0C,CAQ3E,IAPAwH,EAAO1C,KAAK,CACVrD,MAAO,OACP8D,MAAO,OACPpB,MAAO,OACPkE,GAAI,MAGDjC,EAAI,EAAGI,GADZV,EAAQwC,KAAKC,MAAM/G,EAAQuE,KACFpF,OAAQyF,EAAII,EAAMJ,IAAK,CAE9C,IAAKE,KADLgB,EAAWxB,EAAMM,GAEfb,EAAQ+B,EAAShB,GACL,SAARA,IACF7E,EAAQ8D,GAEE,SAARe,IACFQ,EAAOvB,GAEG,UAARe,IACFnC,EAAQoB,GAGZiC,EAAO1C,KAAK,CACVrD,MAAOA,EACP8D,MAAOuB,EACP3C,MAAOA,EACPkE,GAAI,aAGD7G,EAAQuE,QACV,GAAIvE,EAAQuE,GAAMqC,WAAWpI,MAAM,oBAAqB,CAQ7D,IAPAwH,EAAO1C,KAAK,CACVrD,MAAO,KACP8D,MAAO,QACPpB,MAAO,OACPkE,GAAI,MAGDhC,EAAI,EAAGI,GADZX,EAAQwC,KAAKC,MAAM/G,EAAQuE,KACFpF,OAAQ0F,EAAII,EAAMJ,IAAK,CAE9C,IAAKC,KADLU,EAAclB,EAAMO,GAElBd,EAAQyB,EAAYV,GACR,OAARA,IACF7E,EAAQ8D,GAEE,UAARe,IACFQ,EAAOvB,GAEG,UAARe,IACFnC,EAAQoB,GAGZiC,EAAO1C,KAAK,CACVrD,MAAOA,EACP8D,MAAOuB,EACP3C,MAAOA,EACPkE,GAAI,aAGD7G,EAAQuE,QACNvE,EAAQuE,GAAMqC,WAAWpI,MAAM,QACxCwH,EAAO1C,KAAK,CACVrD,MAAOsE,EACPR,MAAO/D,EAAQuE,GACf5B,MAAO,YAEF3C,EAAQuE,eAKVvE,EAAQuE,GAGC,EAAhByB,EAAO7G,QACT0G,EAAIvC,KAAK,CACPrD,MAAO,KAAOwE,EAAW,KACzBZ,MAAOmC,IAMb,GAFAG,EAAQ,UAAW,UACnBA,EAAQ,qBAAsB,yBAC1BnG,EAAQgH,cAAe,CAEzB,GADAd,EAAM,GACFlG,EAAQgH,cAAcC,aAExB,IAAK5B,EAAI,EAAGH,GADZS,EAAM3F,EAAQgH,cAAcC,cACL9H,OAAQkG,EAAIH,EAAMG,IAAK,CAG5C,IAAKP,KADLJ,EAAK,GADLK,EAAIY,EAAIN,GAGNtB,EAAQgB,EAAED,GACLA,EAAItG,MAAM,6BACbkG,GAAM,KAAOI,EAAM,MAAQf,IAG/BkC,EAAMvB,EAAG+B,MAAM,OACXS,OACJxC,EAAKuB,EAAIkB,KAAK,MACdjB,EAAI5C,KAAK,CACPjF,EAAG0G,EAAEyB,OACLvG,MAAOM,EAAOmG,WAAW3B,EAAEyB,QAC3BzC,MAAQ,eAAiBgB,EAAExG,OAAS,IAAOmG,IAIjD,GAAI1E,EAAQgH,cAAcI,YAExB,IAAK7B,EAAI,EAAGJ,GADZS,EAAO5F,EAAQgH,cAAcI,aACLjI,OAAQoG,EAAIJ,EAAMI,IAAK,CAG7C,IAAKT,KADLJ,EAAK,GADLK,EAAIa,EAAKL,GAGPxB,EAAQgB,EAAED,GACLA,EAAItG,MAAM,6BACbkG,GAAM,KAAOI,EAAM,MAAQf,IAG/BkC,EAAMvB,EAAG+B,MAAM,OACXS,OACJxC,EAAKuB,EAAIkB,KAAK,MACdjB,EAAI5C,KAAK,CACPjF,EAAG0G,EAAEyB,OACLvG,MAAOM,EAAOmG,WAAW3B,EAAEyB,QAC3BzC,MAAQ,SAAWgB,EAAEsC,MAAQ,QAAUtC,EAAExG,OAAS,IAAOmG,WAIxD1E,EAAQgH,cACfd,EAAIgB,KAAK,SAASI,EAAGC,GACnB,OAAOA,EAAElJ,EAAIiJ,EAAEjJ,IAEjBwH,EAAIvC,KAAK,CACPrD,MAAO,mBACP4D,MAAOqC,IAIX,IAAKpB,KADLoB,EAAM,GACMlG,EACV+D,EAAQ/D,EAAQ8E,GAChBoB,EAAI5C,KAAK,CACPrD,MAAO6E,EACPf,MAAOA,IAcX,IAXAmC,EAAIgB,KAAK,SAASI,EAAGC,GACnB,OAAID,EAAErH,MAAQsH,EAAEtH,MACP,EACEqH,EAAErH,MAAQsH,EAAEtH,OACb,EAED,IAGXyF,EAAO,GACPK,EAAQ,GACHN,EAAI,EAAGL,EAAOc,EAAI/G,OAAQsG,EAAIL,EAAMK,KACvCd,EAAUuB,EAAIT,IACFxF,MAAMzB,MAAM,IAAI8H,OAAO,IAAM/F,EAAOa,UAAY,SAC1DxC,QAAQC,IAAI8F,EAAS,qBACrBe,EAAKpC,KAAKqB,IAEVoB,EAAMzC,KAAKqB,GAQf,OALAuB,EAAMH,EAAMyB,OAAO9B,GACnBG,EAAIvC,KAAK,CACPrD,MAAO,0BACP4D,MAAOqC,IAEF,CACLM,OAAQD,EACR1C,MAAOgC,IASX,OANAtF,EAAOoB,aAAegC,EACtBS,EAAYT,EAAMC,YAAY5D,QAC9BW,EAAM8G,IAAIvG,WAAa,YAAcJ,EAAc,IAAMsD,GAAWpB,KAAK,SAASC,GAEhF,OADA1C,EAAOqB,eAAiByC,EAAiBpB,EAASvB,MAC3CnB,EAAOqB,eAAemB,GAAKqB,IAE7B7D,EAAOkB,OAAQ,GAExBlB,EAAOmG,WAAa,SAASgB,GAG3B,OADI,IAAIC,KAAS,IAAJD,GACJE,kBAEXrH,EAAOsH,QAAU,SAASlF,EAAOmF,GAC/B,IACAC,EAAOtH,EAAUsH,OACjBC,EAAML,KAAKK,MAAQ,IAMnB,OALApJ,QAAQC,IAAI,OAAQkJ,GACpBnJ,QAAQC,IAAI,gBAAiB8D,GAC7B/D,QAAQC,IAAI,eAAgBmJ,GAC5BpJ,QAAQC,IAAI,cAAewC,YAC3BwG,EAAUG,EAAMrF,EAAQtB,YAAcZ,EAAUsH,OAAOvJ,MAAM,iBAChD,QAATsJ,GACFlJ,QAAQC,IAAI,cACRgJ,EACK,OAEA,WAES,UAATC,GACTlJ,QAAQC,IAAI,gBACRgJ,EACK,GAEA,CACLI,MAAS,UACTC,aAAc,YAIlBtJ,QAAQC,IAAI,kBACLgJ,IAGXtH,EAAOoG,gBAAkB,SAASe,GAChC,IACAS,EAAYT,EAAElJ,MAAM,gDACpB,OAAK2J,EAAUhJ,OAGX,IAAIwI,KAAKQ,EAAU,GAAK,IAAMA,EAAU,GAAK,IAAMA,EAAU,GAAK,IAAMA,EAAU,GAAK,IAAMA,EAAU,GAAK,IAAMA,EAAU,IACvHP,iBAHAF,GAKXnH,EAAO6H,YAAc,SAASC,GAI5B,OAHA9H,EAAO8H,KAAOA,EACd9H,EAAO+H,KAAO,QACd/H,EAAOgI,OACAhI,EAAOiB,OAAQ,GAExBX,EAAY,SAAS2H,EAAOC,EAAMC,GAEhCC,EAAIF,EAAKjK,MAAM,cAUf,OATAsC,EAAc,SACJ,OAAN6H,EACFpI,EAAOuH,KAAO,eACLa,EAAE,GAAGnK,MAAM,2BACpBsC,EAAcwF,OAAOsC,GACrBrI,EAAOuH,KAAO,gBAEdvH,EAAOuH,KAAOa,EAAE,GAEXpI,EAAOgI,QAEhBhI,EAAOsI,IAAI,yBAA0BhI,GACrCD,EAAS,EACTL,EAAOuD,WAAa,SAASC,EAAO/B,EAAM/C,EAAOC,EAAM4J,EAAc7E,GACnE,IAAID,EAAO+E,EAAQ7C,EA+DnB,GA9DA3F,EAAOgB,SAAU,EACjBwH,EAAS5K,EAAQoC,EAAOuH,QAA+C,gBAAhBvH,EAAOuH,KAAyB3J,EAAQQ,WAAaR,EAAQC,cACpH4F,EAAQ+E,EAAO9J,GAAOsB,EAAOuH,KAAM/D,EAAO+E,GA9gB1C,GA+gBI7E,GAAejF,EAAWuB,EAAOuH,QAC/B5B,EAAMlH,EAAWuB,EAAOuH,MAAMvH,EAAOuH,KAAM/D,EAAO9E,EAAOC,EAAM4J,KACjE5J,IACA8E,EAAQkC,EACRjH,GAAgB,GAKlBC,EAAO,EAETyB,EAAM8G,IAAIvG,WAAa,YAAcJ,EAAc,IAAMkD,GAAOhB,KAAK,SAASC,GAC5E,IAAUE,EAAGC,EAAKuF,EAAGhD,EACrBjE,EAAOuB,EAASvB,KAChB,GAAIA,EAAKsH,OAAQ,CAEf,IAAK7F,EAAI,EAAGC,GADZuC,EAAMjE,EAAKuH,QACW9J,OAAQgE,EAAIC,EAAKD,IACrCwF,EAAIhD,EAAIxC,GACRvC,IACA+H,EAAE5F,GAAK,OAASnC,EACZ3B,EAAQ8J,EAAO5J,OAAS,IAC1BwJ,EAAE9E,MAAQ,GACV8E,EAAE1J,MAAQA,EAAQ,EAClB0J,EAAE3E,MAAQA,EACV2E,EAAEzJ,KAAOA,EACLqB,EAAOuH,KAAKtJ,MAAM,4BACpBmK,EAAE1I,MAAQ0I,EAAE5E,MAAMrF,QAAQ,0BAA2B,SAASA,QAAQ,uBAAwB,UAAUA,QAAQ,mBAAoB,OAAOA,QAAQ,yBAA0B,cAGjLsD,EAAKsB,KAAKqF,GAEE,KAAV5E,IACFxD,EAAO2I,MAAQxH,EAAKwH,OAGxB,OAAO3I,EAAOgB,SAAU,GACvB,SAASiC,GACV,OAAOjD,EAAOgB,SAAU,IAE1B3C,QAAQC,IAAI,YAAaiC,GACzBP,EAAO4I,YAAc,CACnBlB,MAAO,QAET1H,EAAO6I,aAAe,CACpBnB,MAAO,QAET1H,EAAO8I,gBAAkB,CACvBpB,MAAO,QAEW,WAAhBnH,IACFP,EAAO4I,YAAc,CACnBlB,MAAO,SAGS,YAAhBnH,IACFP,EAAO6I,aAAe,CACpBnB,MAAO,SAGS,eAAhBnH,EACF,OAAOP,EAAO8I,gBAAkB,CAC9BpB,MAAO,SAIb1H,EAAOgI,KAAO,WAWZ,OAVAhI,EAAOgB,SAAU,EACjBhB,EAAOmB,KAAO,GACdnB,EAAOoB,aAAe,KACtBpB,EAAOqB,eAAiB,KACxBlB,EAAG4I,IAAI,CAAC9I,EAAY+H,KAAKhI,EAAO8H,MAAO9H,EAAOuD,WAAW,GAAIvD,EAAOmB,KAAM,EAAG,KAAKsB,KAAK,WACrF,OAAOzC,EAAOgB,SAAU,GACvB,SAASiC,GACV,OAAOjD,EAAOgB,SAAU,IAE1BhB,EAAOgJ,aAAe,WACfhJ,EAAOiJ,QAAU,CACtBvB,MAAO,YAGXwB,EAAIhJ,EAAUsH,OAAOvJ,MAAM,YACpB+B,EAAOuH,KAAO2B,EAAIA,EAAE,GAAK,mBAInCC,KAAKC"}
\ No newline at end of file
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/OpenIDConnect.pm
index f9563425f22fa50edc81a6a8652a4da2104425ed..3a2c3e71de8f8d75b925914d30cc0532c8d050dc 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/OpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/OpenIDConnect.pm
@@ -3,6 +3,7 @@ package Lemonldap::NG::Portal::Auth::OpenIDConnect;
 use strict;
 use Mouse;
 use MIME::Base64 qw/encode_base64 decode_base64/;
+use Scalar::Util qw/looks_like_number/;
 use Lemonldap::NG::Common::JWT qw(getJWTPayload);
 use Lemonldap::NG::Portal::Main::Constants qw(
   PE_OK
@@ -159,11 +160,19 @@ sub extractFormInfo {
             $self->logger->debug("Token response is valid");
         }
 
-        my $access_token = $token_response->{access_token};
-        my $id_token     = $token_response->{id_token};
+        my $access_token  = $token_response->{access_token};
+        my $expires_in    = $token_response->{expires_in};
+        my $id_token      = $token_response->{id_token};
+        my $refresh_token = $token_response->{refresh_token};
+
+        undef $expires_in unless looks_like_number($expires_in);
 
         $self->logger->debug("Access token: $access_token");
+        $self->logger->debug(
+            "Access token expires in: " . ( $expires_in || "<unknown>" ) );
         $self->logger->debug("ID token: $id_token");
+        $self->logger->debug(
+            "Refresh token: " . ( $refresh_token || "<none>" ) );
 
         # Verify JWT signature
         if ( $self->conf->{oidcOPMetaDataOptions}->{$op}
@@ -219,8 +228,15 @@ sub extractFormInfo {
         my $user_id = $id_token_payload_hash->{sub};
 
         # Remember tokens
-        $req->data->{access_token} = $access_token;
-        $req->data->{id_token}     = $id_token;
+        $req->data->{access_token}  = $access_token;
+        $req->data->{refresh_token} = $refresh_token if $refresh_token;
+        $req->data->{id_token}      = $id_token;
+
+        # If access token TTL is given save expiration date
+        # (with security margin)
+        if ($expires_in) {
+            $req->data->{access_token_eol} = time + ( $expires_in * 0.9 );
+        }
 
         $self->logger->debug( "Found user_id: " . $user_id );
         $req->user($user_id);
@@ -303,6 +319,16 @@ sub setAuthSessionInfo {
     $req->{sessionInfo}->{_oidc_access_token} =
       $req->data->{access_token};
 
+    if ( $req->data->{refresh_token} ) {
+        $req->{sessionInfo}->{_oidc_refresh_token} =
+          $req->data->{refresh_token};
+    }
+
+    if ( $req->data->{access_token_eol} ) {
+        $req->{sessionInfo}->{_oidc_access_token_eol} =
+          $req->data->{access_token_eol};
+    }
+
     # Keep ID Token in session
     my $store_IDToken = $self->conf->{oidcOPMetaDataOptions}->{$op}
       ->{oidcOPMetaDataOptionsStoreIDToken};
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm
index 114c0dcd623fc90ff21b8133b0c5dec533fb3f6d..4307f7eb78cd631d33ee7c4c389fd3904eb734d1 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm
@@ -18,6 +18,7 @@ use Lemonldap::NG::Common::JWT
   qw(getAccessTokenSessionId getJWTPayload getJWTHeader getJWTSignature getJWTSignedData);
 use MIME::Base64
   qw/encode_base64 decode_base64 encode_base64url decode_base64url/;
+use Scalar::Util qw/looks_like_number/;
 use Mouse;
 
 use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_REDIRECT);
@@ -703,6 +704,134 @@ sub checkIDTokenValidity {
     return 1;
 }
 
+# Returns the current OP and a valid Access token
+sub getUserInfoParams {
+    my ( $self, $req ) = @_;
+
+    my $op = $req->data->{_oidcOPCurrent};
+
+    if ($op) {
+
+        # We are in the middle of an auth process,
+        # access token has just been fetched already
+        my $access_token = $req->data->{access_token};
+        return ( $op, $access_token );
+    }
+    else {
+        # Get OP and access token from existing session (refresh)
+        return $self->getUserInfoParamsFromSession($req);
+    }
+}
+
+sub getUserInfoParamsFromSession {
+    my ( $self, $req ) = @_;
+    my $op = $req->userData->{_oidc_OP};
+
+    # Save current OP, we will need it for setSessionInfo & friends
+    $req->data->{_oidcOPCurrent} = $op;
+
+    if ($op) {
+        my $access_token     = $req->userData->{_oidc_access_token};
+        my $access_token_eol = $req->userData->{_oidc_access_token_eol};
+        if ($access_token_eol) {
+            return $self->refreshAccessTokenIfExpired( $req, $op );
+        }
+        else {
+            # We don't know the TTL for this access token,
+            # so we can only hope that it works
+            return ( $op, $access_token );
+        }
+    }
+    else {
+        $self->logger->warn("No OP found in session");
+        return ( $op, undef );
+    }
+}
+
+sub refreshAccessTokenIfExpired {
+    my ( $self, $req, $op, $session ) = @_;
+
+    # Handle unauthenticated OIDC calls
+    my $data = $session ? $session->data : $req->userData;
+
+    my $access_token     = $data->{_oidc_access_token};
+    my $access_token_eol = $data->{_oidc_access_token_eol};
+    if ( time < $access_token_eol ) {
+
+        # Access Token is still valid, return it
+        return ( $op, $access_token );
+    }
+    else {
+        # Refresh Access Token
+        return ( $op, $self->refreshAccessToken( $req, $op, $session ) );
+    }
+}
+
+sub refreshAccessToken {
+    my ( $self, $req, $op, $session ) = @_;
+
+    # Handle unauthenticated OIDC calls
+    my $data       = $session ? $session->data : $req->userData;
+    my $session_id = $session ? $session->id   : $req->id;
+
+    my $refresh_token = $data->{_oidc_refresh_token};
+
+    if ($refresh_token) {
+
+        my $content =
+          $self->getAccessTokenFromTokenEndpoint( $req, $op, 'refresh_token',
+            { refresh_token => $refresh_token } );
+
+        if ($content) {
+            my $token_response = $self->decodeTokenResponse($content);
+            if ($token_response) {
+
+                my $access_token  = $token_response->{access_token};
+                my $expires_in    = $token_response->{expires_in};
+                my $refresh_token = $token_response->{refresh_token};
+
+                undef $expires_in unless looks_like_number($expires_in);
+
+                $self->logger->debug("Access token: $access_token");
+                $self->logger->debug( "Access token expires in: "
+                      . ( $expires_in || "<unknown>" ) );
+                $self->logger->debug(
+                    "Refresh token: " . ( $refresh_token || "<none>" ) );
+
+                my $updateSession;
+
+                # Remember tokens
+                $updateSession->{_oidc_access_token}  = $access_token;
+                $updateSession->{_oidc_refresh_token} = $refresh_token
+                  if $refresh_token;
+
+                # If access token TTL is given save expiration date
+                # (with security margin)
+                if ($expires_in) {
+                    $updateSession->{_oidc_access_token_eol} =
+                      time + ( $expires_in * 0.9 );
+                }
+
+                $self->p->updateSession( $req, $updateSession, $session_id );
+
+                return ($access_token);
+            }
+            else {
+                $self->logger->warn("Could not decode Token Response for $op");
+                return undef;
+            }
+        }
+        else {
+            $self->logger->warn("Could not fetch new Access Token for $op");
+            return undef;
+        }
+    }
+    else {
+        $self->logger->warn("No Refresh Token was found for $op");
+        return undef;
+    }
+}
+
 # Get UserInfo response
 # return String UserInfo response decoded content
 sub getUserInfo {
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
index 9b216870d4fb0bfd5d4a5ba537c64a32500d3e2b..d3323e3a5f1683f19b73c6da2e596e07071f6046 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
@@ -203,8 +203,30 @@ sub refresh {
     $req->user( $data{_user} || $data{ $self->conf->{whatToTrace} } );
     $req->id( $data{_session_id} );
     foreach ( keys %data ) {
-        delete $data{$_}
-          unless ( /^_/ or /^(?:startTime|authenticationLevel)$/ );
+
+        # Variables that start with _ are kept accross refresh
+        if (/^_/) {
+
+            # But not OIDC tokens, which can be refreshed
+            if (
+/^(_oidc_access_token|_oidc_refresh_token|_oidc_access_token_eol)$/
+              )
+            {
+                delete $data{$_};
+            }
+
+        }
+
+        # Other variables should be refreshed
+        else {
+            # But not these two
+            if (/^(?:startTime|authenticationLevel)$/) {
+                next;
+            }
+            else {
+                delete $data{$_};
+            }
+        }
     }
     $data{_updateTime} = strftime( "%Y%m%d%H%M%S", localtime() );
     $self->logger->debug(
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/OpenIDConnect.pm
index 30444db0861c38775f78f859b7a7813d49ab5a79..b247317fd3b2eda10eb24d71a858da599bbfc550 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/OpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/OpenIDConnect.pm
@@ -27,7 +27,8 @@ sub init {
 
 sub getUser {
     my ( $self, $req ) = @_;
-    my $op = $req->data->{_oidcOPCurrent};
+
+    my ( $op, $access_token ) = $self->getUserInfoParams($req);
 
     # This is likely to happen when running getUser without extractFormInfo
     # see #1980
@@ -36,7 +37,10 @@ sub getUser {
         return PE_ERROR;
     }
 
-    my $access_token = $req->data->{access_token};
+    unless ($access_token) {
+        $self->logger->warn("Could not get Access Token for User Info request");
+        return PE_ERROR;
+    }
 
     my $userinfo_content = $self->getUserInfo( $op, $access_token );
 
diff --git a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code.t b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code.t
index 9e03d21eceecd90a494d4fab8acd3902eb3c5649..30152d7d9659739f1313c77872c4167a2f03b36f 100644
--- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code.t
+++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code.t
@@ -200,9 +200,13 @@ count(2);
 switch ('rp');
 ok( $res = $rp->_get("/sessions/global/$spId"), 'Get UTF-8' );
 $res = expectJSON($res);
-ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
-  or explain( $res, 'cn => Frédéric Accents' );
-count(2);
+my $access_token_eol = $res->{_oidc_access_token_eol};
+my $access_token_old = $res->{_oidc_access_token};
+ok( $access_token_eol, 'OIDC EOL time is stored' );
+ok( $access_token_old, 'Obtained refresh token' );
+is( $res->{cn},   'Frédéric Accents', 'UTF-8 values' );
+is( $res->{mail}, 'fa@badwolf.org',     'Correct email' );
+count(5);
 
 is( $res->{userinfo_hook}, "op/french", "oidcGotUserInfo called" );
 is( $res->{id_token_hook}, "op/french", "oidcGotIDToken called" );
@@ -212,6 +216,77 @@ my $id_token_decoded = id_token_payload( $res->{_oidc_id_token} );
 is( $id_token_decoded->{acr}, 'customacr-1', "Correct custom ACR" );
 count(1);
 
+# Update session at OP
+$Lemonldap::NG::Portal::UserDB::Demo::demoAccounts{french} = {
+    uid  => 'french',
+    cn   => 'Frédéric Accents',
+    mail => 'fa2@badwolf.org',
+    guy  => '',
+    type => '',
+};
+switch ('op');
+ok( $op->_get( '/refresh', cookie => "lemonldap=$idpId" ) );
+count(1);
+switch ('rp');
+
+# Test session refresh (before access token refresh)
+ok(
+    $res = $rp->_get(
+        '/refresh',
+        cookie => "lemonldap=$spId",
+        accept => 'text/html'
+    ),
+    'Query RP for refresh'
+);
+count(1);
+
+ok( $res = $rp->_get("/sessions/global/$spId"), 'Get session after refresh' );
+count(1);
+$res = expectJSON($res);
+my $access_token_new     = $res->{_oidc_access_token};
+my $access_token_new_eol = $res->{_oidc_access_token_eol};
+is( $access_token_new_eol, $access_token_eol,
+    "Access token EOL has not changed" );
+is( $access_token_new, $access_token_old, "Access token has not changed" );
+is( $res->{mail},      'fa2@badwolf.org', 'Updated RP session' );
+count(3);
+
+# Update session at OP
+$Lemonldap::NG::Portal::UserDB::Demo::demoAccounts{french} = {
+    uid  => 'french',
+    cn   => 'Frédéric Accents',
+    mail => 'fa3@badwolf.org',
+    guy  => '',
+    type => '',
+};
+switch ('op');
+ok( $op->_get( '/refresh', cookie => "lemonldap=$idpId" ) );
+count(1);
+switch ('rp');
+
+# Test session refresh (with access token refresh)
+Time::Fake->offset("+2h");
+ok(
+    $res = $rp->_get(
+        '/refresh',
+        cookie => "lemonldap=$spId",
+        accept => 'text/html'
+    ),
+    'Query RP for refresh'
+);
+count(1);
+
+ok( $res = $rp->_get("/sessions/global/$spId"), 'Get session after refresh' );
+count(1);
+$res                  = expectJSON($res);
+$access_token_new     = $res->{_oidc_access_token};
+$access_token_new_eol = $res->{_oidc_access_token_eol};
+isnt( $access_token_new_eol, $access_token_eol,
+    "Access token EOL has changed" );
+isnt( $access_token_new, $access_token_old, "Access token has changed" );
+is( $res->{mail}, 'fa3@badwolf.org', 'Updated RP session' );
+count(3);
+
 # Logout initiated by RP
 ok(
     $res = $rp->_get(
@@ -346,6 +421,7 @@ sub op {
                 userDB                          => 'Same',
                 issuerDBOpenIDConnectActivation => "1",
                 restSessionServer               => 1,
+                restExportSecretKeys            => 1,
                 oidcRPMetaDataExportedVars      => {
                     rp => {
                         email       => "mail",
@@ -364,6 +440,7 @@ sub op {
                         oidcRPMetaDataOptionsIDTokenSignAlg    => "HS512",
                         oidcRPMetaDataOptionsBypassConsent     => 0,
                         oidcRPMetaDataOptionsClientSecret      => "rpsecret",
+                        oidcRPMetaDataOptionsRefreshToken      => 1,
                         oidcRPMetaDataOptionsUserIDAttr        => "",
                         oidcRPMetaDataOptionsAccessTokenExpiration  => 3600,
                         oidcRPMetaDataOptionsPostLogoutRedirectUris =>
@@ -398,6 +475,7 @@ sub rp {
                 authentication             => 'OpenIDConnect',
                 userDB                     => 'Same',
                 restSessionServer          => 1,
+                restExportSecretKeys       => 1,
                 oidcOPMetaDataExportedVars => {
                     op => {
                         cn   => "name",
@@ -411,7 +489,7 @@ sub rp {
                         oidcOPMetaDataOptionsCheckJWTSignature => 1,
                         oidcOPMetaDataOptionsJWKSTimeout       => 0,
                         oidcOPMetaDataOptionsClientSecret      => "rpsecret",
-                        oidcOPMetaDataOptionsScope        => "openid profile",
+                        oidcOPMetaDataOptionsScope => "openid profile email",
                         oidcOPMetaDataOptionsStoreIDToken => 0,
                         oidcOPMetaDataOptionsMaxAge       => 30,
                         oidcOPMetaDataOptionsDisplay      => "",