oauth2: add "default_expires_in" config option#14625
oauth2: add "default_expires_in" config option#14625riptl wants to merge 4 commits intoenvoyproxy:mainfrom
Conversation
|
Hi @terorie, welcome and thank you for your contribution. We will try to review your Pull Request as quickly as possible. In the meantime, please take a look at the contribution guidelines if you have not done so already. |
|
CC @envoyproxy/api-shepherds: Your approval is needed for changes made to |
riptl
changed the title
Signed-off-by: Richard Patel <me@terorie.dev>
Signed-off-by: Richard Patel <me@terorie.dev>
riptl
force-pushed
the
oauth-default-expire-in
branch
from
90dd0a3 to
b7854e2
Compare
|
/lgtm api |
|
cc: @williamsfu99 |
Signed-off-by: Richard Patel <me@terorie.dev>
Signed-off-by: Richard Patel <me@terorie.dev>
riptl
force-pushed
the
oauth-default-expire-in
branch
from
67ca4bc to
80ba2ff
Compare
|
I merged in the latest changes of main. I think the code is fine but CI is failing in unrelated parts. |
|
This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in 7 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions! |
github-actions
Bot
added
the
stale
|
This pull request has been automatically closed because it has not had activity in the last 37 days. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions! |
|
@rgs1 @williamsfu99 Can we re-open this? The underlying issue still remains. I will rebase asap |
| if (response.has_expires_in()) { | ||
| expires_in = std::chrono::seconds{response.expires_in().value()}; | ||
| } | ||
| if (expires_in <= 0s) { |
There was a problem hiding this comment.
This inherently adds a check that the response's expires_in field doesn't contain some logically invalid negative duration. Probably a good thing to send a local reply instead of setting client cookies etc.
| expires_in = std::chrono::seconds{response.expires_in().value()}; | ||
| } | ||
| if (expires_in <= 0s) { | ||
| ENVOY_LOG(debug, "No default or explicit access token expiration after asyncGetAccessToken"); |
There was a problem hiding this comment.
nit - "No valid default or explicit token expiration value found after asyncGetAccessToken"
williamsfu99
left a comment
williamsfu99
left a comment
There was a problem hiding this comment.
Can you also add some comments in docs/root/configuration/http/http_filters/oauth2_filter.rst explaining/giving examples of the new feature?
|
@terorie @williamsfu99 @rgs1 Do you think we need to revive this to solve #14542? It seems like there are small nits to be resolved to bring this in. I can try to help if that makes sense. cc. @orHayoun |
|
@dio Sorry I've completely forgot about this. I'm not using the OAuth2 filter anymore so feel free to close from my side. I'm happy to finish up the PRs if the functionality is wanted though. |
|
@terorie no worries 🙂. From my reading, I think this PR is solving that issue and required. Please let me know if you want me to reopen this. Thank you! |
|
I'm struggling at the moment to revive my workspace because the dev container is currently broken: #18388 |
|
@dio I would appreciate it being re-opened as the issue is still causing problems If it's purely nitpicks I may be able to help, but I have not used C languages before. |
|
Retrying Azure Pipelines: |
6 participants
Signed-off-by: Richard Patel me@terorie.dev
Commit Message: oauth2: add "default_expires_in" config option
Additional Description: Fixes compatibility with OAuth 2.0 authorization servers that don't provide the "expires_in" property in the token response
Risk Level: Low
Testing: Added OAuth client tests for two new branches (default expires_in, missing default or explicit expires_in)
Docs Changes: Inline API proto
Release Notes: oauth2 filter: added "default_expires_in" property for authorization servers that don't provide the "expires_in" token response property
Fixes #14254