feat: custom client token ttl #3206
@@ -45,6 +46,7 @@ import ( | |||
"github.com/stretchr/testify/assert" | |||
"github.com/stretchr/testify/require" | |||
"golang.org/x/oauth2" | |||
goauth2 "golang.org/x/oauth2" | |||
"golang.org/x/oauth2/clientcredentials" | |||
|
|||
"github.com/ory/fosite" |
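Review bot: golang.org/x/oauth2 is now imported twice in this import block, once unaliased ("golang.org/x/oauth2") and once as goauth2 on the following line. The compiler accepts a duplicate import under a second name, but linters flag it and every reader has to work out which alias refers to what. Keep a single import, goauth2 "golang.org/x/oauth2" if the alias is needed to avoid a clash with a local oauth2 package, and point all references at it.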
@aeneasr The error is in CI as well, so we probably forgot to run quicktest after removing the // swagger:ignore directives.
LINE 135 in this file:
--- FAIL: TestAuthCodeWithDefaultStrategy (9.01s)
--- FAIL: TestAuthCodeWithDefaultStrategy/case=respects_client_token_lifespan_configuration (0.09s)
--- FAIL: TestAuthCodeWithDefaultStrategy/case=respects_client_token_lifespan_configuration/case=custom-lifespans-active-jwt (0.09s)
oauth2_auth_code_test.go:135:
Error Trace: oauth2_auth_code_test.go:135
server.go:2047
server.go:2879
server.go:1930
asm_amd64.s:1581
Error: Received unexpected error:
json: cannot unmarshal string into Go struct field OAuth2Client.client.implicit_grant_access_token_lifespan of type models.NullDuration
Test: TestAuthCodeWithDefaultStrategy/case=respects_client_token_lifespan_configuration/case=custom-lifespans-active-jwt
oauth2_auth_code_test.go:124:
Error Trace: oauth2_auth_code_test.go:124
oauth2_auth_code_test.go:407
oauth2_auth_code_test.go:460
Error: Received unexpected error:
Get "http://127.0.0.1:40185/?login_challenge=8339eb8eaae04cf69556fb80e8c7c86d": EOF
Test: TestAuthCodeWithDefaultStrategy/case=respects_client_token_lifespan_configuration/case=custom-lifespans-active-jwt
) | ||
|
||
app.use( | ||
session({ | ||
secret: '804cd9c9-b447-4df0-b9f0-3126893d3a8e', | ||
secret: "804cd9c9-b447-4df0-b9f0-3126893d3a8e", |
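Review bot: the only change in this hunk is the quote style around the session secret, so the CodeQL "Hard-coded credentials" failure it triggers is pre-existing: the literal 804cd9c9-b447-4df0-b9f0-3126893d3a8e stays in the source and in git history. If this express app is a test harness only, dismiss the alert with that reason and say so in a comment next to the call; otherwise read the secret from an environment variable (process.env.SESSION_SECRET) and fail startup when it is absent.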
Check failure (Code scanning / CodeQL): Hard-coded credentials
const credentials = { | ||
client: { | ||
id: req.query.client_id, | ||
secret: req.query.client_secret | ||
secret: req.query.client_secret, |
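Review bot: client_secret is read from req.query, i.e. from the URL, which is what the CodeQL "Sensitive data read from GET request" warning points at. URLs end up in server access logs, proxy logs, browser history and Referer headers, so a secret in the query string outlives the request it was meant for. The hunk only appends a trailing comma, so the issue predates it, but the fix is small: accept the credentials in a POST body (req.body) or, for an OAuth2 client, in an HTTP Basic Authorization header, which is the client authentication method RFC 6749 section 2.3.1 requires servers to support; the same section forbids putting client credentials in the request URI.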
Check warning (Code scanning / CodeQL): Sensitive data read from GET request
const credentials = { | ||
client_id: req.query.client_id, | ||
client_secret: req.query.client_secret | ||
client_secret: req.query.client_secret, |
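Review bot: client_secret is again taken from req.query in this object, so the CodeQL "Sensitive data read from GET request" warning applies to the unchanged line rather than to the trailing comma this hunk adds. A query-string secret is recorded wherever the URL is logged; take it from the POST body (req.body) or the Basic Authorization header instead, and if this file is only a local test client, note that next to the alert when dismissing it.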
Check warning (Code scanning / CodeQL): Sensitive data read from GET request
session({ | ||
secret: '804cd9c9-b447-4df0-b9f0-3126893d3a8e', | ||
secret: "804cd9c9-b447-4df0-b9f0-3126893d3a8e", | ||
resave: false, | ||
saveUninitialized: true, | ||
cookie: { | ||
secure: false, | ||
httpOnly: true | ||
} | ||
}) | ||
httpOnly: true, | ||
}, | ||
}), |
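Review bot: secure: false on the session cookie is what the CodeQL "Clear text transmission of sensitive cookie" warning refers to: the browser will send the session cookie over plain HTTP, so anyone on the path can read it and replay the session. This hunk changes only trailing commas, so the setting is pre-existing; for anything other than a local test run, set secure: true (or secure: 'auto' together with app.set('trust proxy', 1) when TLS terminates at a proxy), and consider adding sameSite: 'lax' next to httpOnly: true.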
Check warning (Code scanning / CodeQL): Clear text transmission of sensitive cookie
This change introduces a new endpoint that allows you to control how long client tokens last. Now you can configure the lifespan for each valid combination of Client, GrantType, and TokenType. Part of #3157
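The CI failure quoted earlier in this thread ("json: cannot unmarshal string into Go struct field OAuth2Client.client.implicit_grant_access_token_lifespan of type models.NullDuration") is what encoding/json does when a nullable duration type has no JSON decoding of its own: a JSON string arrives at a struct value and is refused. The block below is an added example, not hydra's code, of the two pieces the description above calls for: a NullDuration that accepts a duration string or null, and a per-client lifespan override resolved against a server-wide default. Only the JSON field name implicit_grant_access_token_lifespan comes from the page; the other two field names, the ParseClientLifespans and Effective functions, and the sample request body are assumptions made for this example.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"log"
	"time"
)

// NullDuration is a nullable time.Duration for JSON APIs. A JSON null means
// "no override configured"; a Go duration string such as "1h30m" sets a value.
// Implementing json.Unmarshaler is what stops encoding/json from rejecting the
// string with "cannot unmarshal string into Go struct field ... of type NullDuration".
type NullDuration struct {
	Duration time.Duration
	Valid    bool // false when the JSON value was null or absent
}

// UnmarshalJSON accepts null or a duration string; anything else (a bare number,
// an object) is rejected with an explicit message so the client gets a 4xx
// instead of a silently ignored setting.
func (d *NullDuration) UnmarshalJSON(b []byte) error {
	if bytes.Equal(bytes.TrimSpace(b), []byte("null")) {
		*d = NullDuration{}
		return nil
	}
	var s string
	if err := json.Unmarshal(b, &s); err != nil {
		return fmt.Errorf("lifespan must be a duration string like \"1h\" or null, got %s", b)
	}
	dur, err := time.ParseDuration(s)
	if err != nil {
		return fmt.Errorf("invalid lifespan %q: %w", s, err)
	}
	if dur <= 0 {
		return errors.New("lifespan must be positive")
	}
	*d = NullDuration{Duration: dur, Valid: true}
	return nil
}

// MarshalJSON writes null for an unset override and the duration string
// otherwise, so the type round-trips through the representation it accepts.
func (d NullDuration) MarshalJSON() ([]byte, error) {
	if !d.Valid {
		return []byte("null"), nil
	}
	return json.Marshal(d.Duration.String())
}

// ClientLifespans carries the per-client overrides, one field per grant type and
// token type combination. The JSON name implicit_grant_access_token_lifespan is
// taken from the CI failure on the page; the other two names are assumed.
type ClientLifespans struct {
	AuthorizationCodeGrantAccessTokenLifespan NullDuration `json:"authorization_code_grant_access_token_lifespan"`
	ImplicitGrantAccessTokenLifespan          NullDuration `json:"implicit_grant_access_token_lifespan"`
	ClientCredentialsGrantAccessTokenLifespan NullDuration `json:"client_credentials_grant_access_token_lifespan"`
}

// ParseClientLifespans decodes a PUT .../lifespans body (assumed shape). Unknown
// fields are rejected so a misspelled key cannot silently leave a default in place.
func ParseClientLifespans(body []byte) (ClientLifespans, error) {
	var c ClientLifespans
	dec := json.NewDecoder(bytes.NewReader(body))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&c); err != nil {
		return ClientLifespans{}, err
	}
	return c, nil
}

// Effective resolves one lifespan: the client override when it is set,
// otherwise the server-wide default for that grant/token type.
func Effective(override NullDuration, global time.Duration) time.Duration {
	if override.Valid {
		return override.Duration
	}
	return global
}

func main() {
	// Constructed sample request body: only the implicit-grant lifespan is overridden.
	body := []byte(`{"implicit_grant_access_token_lifespan": "1h", "authorization_code_grant_access_token_lifespan": null}`)
	c, err := ParseClientLifespans(body)
	if err != nil {
		log.Fatal(err)
	}
	global := 30 * time.Minute
	fmt.Println("implicit grant:", Effective(c.ImplicitGrantAccessTokenLifespan, global))
	fmt.Println("authorization code grant:", Effective(c.AuthorizationCodeGrantAccessTokenLifespan, global))

	// A bare number is what a client sends when it guesses seconds; reject it loudly.
	if _, err := ParseClientLifespans([]byte(`{"implicit_grant_access_token_lifespan": 3600}`)); err != nil {
		fmt.Println("rejected:", err)
	}
}
```

Keeping the override nullable rather than defaulting it to zero is the design point: a zero duration would be indistinguishable from "not configured", so the fallback to the global value has to key off Valid, and the JSON layer has to accept null explicitly for the same reason.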
internal/testhelpers/oauth2.go
"PUT", | ||
adminTS.URL+client.ClientsHandlerPath+"/"+clientID+"/lifespans", | ||
bytes.NewBuffer(b), | ||
"application/x-www-form-urlencoded", |
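Review bot: the content type sent here is application/x-www-form-urlencoded while the body in bytes.NewBuffer(b) is a JSON document for the PUT to .../lifespans. It only works because the handler decodes the body without checking the header. Send application/json so the helper issues the same request a real SDK client would, and so this test starts failing, instead of passing by accident, if the handler ever becomes strict about the header and answers 415.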
Shouldn't this be application/json? I don't think it really matters because we use a "dumb" json decoder, but would be good to fix anyways.
Codecov Report
@@ Coverage Diff @@
## master #3206 +/- ##
==========================================
- Coverage 79.55% 79.34% -0.21%
==========================================
Files 112 111 -1
Lines 7971 8070 +99
==========================================
+ Hits 6341 6403 +62
- Misses 1225 1256 +31
- Partials 405 411 +6
This change introduces a new endpoint that allows you to control how long client tokens last. Now you can configure the lifespan for each valid combination of Client, GrantType, and TokenType. See #3157
Co-authored-by: aeneasr <3372410+aeneasr@users.noreply.github.com>
Co-authored-by: Andreas Bucksteeg <andreas@bucksteeg.de>
@grantzvolsky Is there gonna be a cli integration for this?
@kotyara85 I'm not aware of a plan to implement this in the cli. Feel free to open a feature request; it could be a good first issue.
@aeneasr Please note that I added swagger:ignore to the new fields in Client because otherwise the nullDuration fields broke the output of make sdk.
This change introduces a new endpoint that allows you to control how long client tokens last. Now you can configure the lifespan for each valid combination of Client, GrantType, and TokenType.
Part of #3157
Related issue(s)
Checklist
If this pull request addresses a security vulnerability, I confirm that I got green light (please contact security@ory.sh) from the maintainers to push the changes.
Further Comments