🐛 [#4435] Exempt legacy OIDC URLs from sessionrefresh

by default, the OIDC endpoints that are used are marked as exempt from SessionRefresh, but this caused infinite redirects in case the legacy URLs were used

src/openforms/conf/base.py

@@ -266,7 +266,7 @@
     "openforms.translations.middleware.AdminLocaleMiddleware",
     "hijack.middleware.HijackUserMiddleware",
     "openforms.middleware.SessionTimeoutMiddleware",
-    "mozilla_django_oidc_db.middleware.SessionRefresh",
+    "openforms.utils.middleware.SessionRefresh",
     "maykin_2fa.middleware.OTPMiddleware",
     "django.contrib.messages.middleware.MessageMiddleware",
     "django.middleware.clickjacking.XFrameOptionsMiddleware",

src/openforms/utils/middleware.py

@@ -1,3 +1,8 @@
+from django.urls import reverse
+from django.utils.functional import cached_property
+
+from mozilla_django_oidc_db.middleware import SessionRefresh as _SessionRefresh
+
 from openforms.config.models import CSPSetting
 
 
@@ -60,3 +65,24 @@ def _append_dict_list_values(target, source):
                 target[k] = [v]
             else:
                 target[k] = list(set(v))
+
+
+class SessionRefresh(_SessionRefresh):
+
+    @cached_property
+    def exempt_urls(self):
+        """
+        Issue: https://github.com/open-formulieren/open-forms/issues/4435
+
+        Make sure the legacy OIDC URLs are also exempt from session refresh to avoid
+        infinite redirects
+        """
+        extra = {
+            reverse(name)
+            for name in [
+                "legacy_oidc:oidc_authentication_init",
+                "legacy_oidc:oidc_authentication_callback",
+                "legacy_oidc:oidc_logout",
+            ]
+        }
+        return super().exempt_urls | extra