Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove LRU cashe for invalid tokens #235

Merged
merged 5 commits into from
May 24, 2024
Merged

Remove LRU cashe for invalid tokens #235

merged 5 commits into from
May 24, 2024

Conversation

raakella1
Copy link
Contributor

@raakella1 raakella1 commented May 23, 2024
edited
Loading

Fix token expired issue due to time drift in issued_at claim,, more info https://jirap.corp.ebay.com/browse/SDSTOR-13615?filter=-1
Do not cache invalid tokens. Add leeways for issued_at and not_before claims as an optimization.
Also, add leeway to trf client to download token ahead of its expiry.

Ravi Nagarjun Akella added 3 commits May 23, 2024 11:33
@sbinmalek sbinmalek self-requested a review May 23, 2024 22:04
sbinmalek
sbinmalek previously approved these changes May 23, 2024
View reviewed changes
Copy link

@sbinmalek sbinmalek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@raakella1 raakella1 changed the title Remove LRU cashe for tokens Remove LRU cashe for invalid tokens May 23, 2024
jiankyu
jiankyu reviewed May 23, 2024
View reviewed changes
include/sisl/auth_manager/trf_client.hpp Outdated
bool access_token_expired() const {
return (std::chrono::system_clock::now() >
m_expiry + std::chrono::seconds(SECURITY_DYNAMIC_CONFIG(auth_manager->leeway)));
m_expiry - std::chrono::seconds(SECURITY_DYNAMIC_CONFIG(trf_client->trf_expiry_leeway_secs)));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the library verify() already covers the timestamp check, do we need to check it one more time here? I mean, should we still need this "access_token_expired()" method?

jiankyu
jiankyu previously approved these changes May 24, 2024
View reviewed changes
Copy link
Contributor

@jiankyu jiankyu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

sbinmalek
sbinmalek approved these changes May 24, 2024
View reviewed changes
Copy link

@sbinmalek sbinmalek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LG!

@raakella1 raakella1 merged commit ccabd78 into eBay:stable/v8.x May 24, 2024
7 checks passed
@raakella1 raakella1 deleted the remove_lru_token branch May 24, 2024 17:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sbinmalek sbinmalek sbinmalek approved these changes

@jiankyu jiankyu jiankyu left review comments

@shosseinimotlagh shosseinimotlagh Awaiting requested review from shosseinimotlagh

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@raakella1 @jiankyu @sbinmalek