Make expiry of auth requests configurable #1372

Merged: srenatus merged 2 commits into dexidp:master from conetcloud:configurable-auth-request-expiry on Dec 13, 2018

mxey commented Dec 13, 2018

This is a band-aid against #1292

I did not change the default from 24h, but I think it should be much lower for safety.

mxey force-pushed the configurable-auth-request-expiry branch from 3c1e667 to 468c74d on December 13, 2018 10:50

srenatus left a comment

This is a fine band aid 😃 Thank you for contributing. One nitpick, but this looks good. 👍

Comment thread cmd/dex/config_test.go Outdated
expiry:
signingKeys: "6h"
idTokens: "24h"
authRequests: "24h"
Contributor

Could we attempt to test something that's not the default here? I know it shouldn't matter for the code path, but it's just to be on the safe side. Let's do 25hrs or something 😉 (And if you care to, changing signingKeys and idTokens would be cool, too.)

Contributor Author

Pushed a second commit.

@srenatus
Contributor

@mxey Out of curiosity, what's a setting you'd propose to use in practice? (Just gathering opinions 😄 )

@mxey
Contributor Author

mxey commented Dec 13, 2018

> @mxey Out of curiosity, what's a setting you'd propose to use in practice? (Just gathering opinions 😄 )

I am going to set it to 5 minutes, because I don't expect our (internal) users to leave open the login dialog and come back an hour later.

@srenatus
Contributor

> [...] come back an hour later.

💭 Or a day.

Thanks again!

srenatus merged commit a3cf7b6 into dexidp:master on Dec 13, 2018
mmrath pushed a commit to mmrath/dex that referenced this pull request Sep 2, 2019
…expiry

Make expiry of auth requests configurable

This is a band-aid against dexidp#1292

I did not change the default from 24h, but I think it should be much lower for safety.