Thanks to visit codestin.com
Credit goes to github.com

Skip to content

fix: fallback to source creds expiration in downscoped tokens #805

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
arithmetic1728 merged 2 commits into from
Jul 20, 2021
Merged

fix: fallback to source creds expiration in downscoped tokens #805

arithmetic1728 merged 2 commits into from
Jul 20, 2021

Conversation

@bojeil-google
Copy link
Contributor

@bojeil-google bojeil-google commented Jul 19, 2021

For downscoping CAB flow, the STS endpoint may not return the expiration
field for certain source credentials. The generated downscoped token
should always have the same expiration time as the source credentials.
When no expires_in field is returned in the response, we can just get
the expiration time from the source credentials.

@bojeil-google
fix: fallback to source creds expiration in downscoped tokens
dc44087 
For downscoping CAB flow, the STS endpoint may not return the expiration
field for certain source credentials. The generated downscoped token
should always have the same expiration time as the source credentials.
When no `expires_in` field is returned in the response, we can just get
the expiration time from the source credentials.
@bojeil-google bojeil-google requested a review from a team as a code owner July 19, 2021 17:54
@google-cla google-cla bot added the cla: yes This human has signed the Contributor License Agreement. label Jul 19, 2021
@busunkim96 busunkim96 added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 19, 2021
@yoshi-kokoro yoshi-kokoro removed kokoro:force-run Add this label to force Kokoro to re-run the tests. labels Jul 19, 2021
@busunkim96
Copy link
Contributor

busunkim96 commented Jul 19, 2021

Failures are due to an expired user credential (a return of #795).

@arithmetic1728 arithmetic1728 merged commit dfad661 into googleapis:master Jul 20, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@arithmetic1728 arithmetic1728 arithmetic1728 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cla: yes This human has signed the Contributor License Agreement.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@bojeil-google @busunkim96 @arithmetic1728 @yoshi-kokoro