Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(jans-auth-server): allow authentication for max_age=0 #2361

Closed
2 tasks done
yuriyz opened this issue Sep 12, 2022 · 0 comments · Fixed by #2362
Closed
2 tasks done

feat(jans-auth-server): allow authentication for max_age=0 #2361

yuriyz opened this issue Sep 12, 2022 · 0 comments · Fixed by #2362
Assignees
@yuriyz
Labels
comp-jans-auth-server Component affected by issue or PR kind-feature Issue or PR is a new feature request
Milestone
1.0.3

Comments

@yuriyz
Copy link
Contributor

yuriyz commented Sep 12, 2022

Description

Setting max_age parameter with 0 value in a authorization request doesn't allow user to log in at all. After postlogin call user is redirected back to login page.

In addition we can introduce disableAuthnForMaxAgeZero with default value false. If true - authn will be disabled.

max_age
OPTIONAL. Maximum Authentication Age. Specifies the allowable elapsed time in seconds since the last time the End-User was actively authenticated by the OP. If the elapsed time is greater than this value, the OP MUST attempt to actively re-authenticate the End-User. (The max_age request parameter corresponds to the OpenID 2.0 PAPE [OpenID.PAPE] max_auth_age request parameter.) When max_age is used, the ID Token returned MUST include an auth_time Claim Value.

Prepare

  • Read contribution guidelines
  • Read license information

oxauth counterpart GluuFederation/oxAuth#1714
Support: 10742
@yuriyz yuriyz added comp-jans-auth-server Component affected by issue or PR kind-feature Issue or PR is a new feature request labels Sep 12, 2022
@yuriyz yuriyz added this to the 1.0.3 milestone Sep 12, 2022
@yuriyz yuriyz self-assigned this Sep 12, 2022
yuriyz added a commit that referenced this issue Sep 12, 2022
@yuriyz
feat(jans-auth-server): allow authentication for max_age=0 #2361
cfc6faf 
docs: no docs (swagger updated)
#2361
@yuriyz yuriyz mentioned this issue Sep 12, 2022
Merged
5 tasks
yuriyz added a commit that referenced this issue Sep 12, 2022
@yuriyz
feat(jans-auth-server): allow authentication for max_age=0 #2361 (#2362)
aed6ee3 
docs: no docs (swagger updated)
#2361
This was referenced Nov 1, 2022
Merged
Merged
@mo-auto3 mo-auto3 mentioned this issue Nov 1, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yuriyz yuriyz

Labels
comp-jans-auth-server Component affected by issue or PR kind-feature Issue or PR is a new feature request
Projects
None yet
Milestone
1.0.3
Development

Successfully merging a pull request may close this issue.

feat(jans-auth-server): allow authentication for max_age=0 #2361 JanssenProject/jans
1 participant
@yuriyz