Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider OIDC tokens with an unknown kid to be expired #407

Merged
merged 2 commits into from
Apr 18, 2019
Merged

Consider OIDC tokens with an unknown kid to be expired #407

merged 2 commits into from
Apr 18, 2019

Conversation

benlangfeld
Copy link
Contributor

@benlangfeld benlangfeld commented Apr 15, 2019
edited

When the authorization server rotates key IDs, we might encounter a token with a kid which the server no longer reports in discovery. Currently, json-jwt raises an exception and the user must expend a lot of effort debugging. We can help by simply assuming the token is expired and forcing token refresh.

@benlangfeld
Consider OIDC tokens with an unknown kid to be expired
0a58137 
When the authorization server rotates key IDs, we might encounter a token with a kid which the server no longer reports in discovery. Currently, json-jwt raises an exception and the user must expend a lot of effort debugging. We can help by simply assuming the token is expired and forcing token refresh.
@benlangfeld benlangfeld marked this pull request as ready for review April 15, 2019 19:56
@benlangfeld benlangfeld mentioned this pull request Apr 16, 2019
Open
@benlangfeld benlangfeld changed the title Consider OIDC tokens with an unknown kid to be expired Improved OIDC token refresh behaviour Apr 16, 2019
@benlangfeld benlangfeld changed the title Improved OIDC token refresh behaviour Consider OIDC tokens with an unknown kid to be expired Apr 16, 2019
This was referenced Apr 16, 2019
Open
Draft
@cben
Copy link
Collaborator

cben commented Apr 17, 2019

Sorry, very busy week :-/ Hope to review soon...

cben
cben approved these changes Apr 18, 2019
View reviewed changes
Copy link
Collaborator

@cben cben left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍
Could you just add a CHANGELOG entry?

@benlangfeld
Copy link
Contributor Author

@cben Done :)

@cben cben merged commit 309bda4 into ManageIQ:master Apr 18, 2019
cben added a commit to cben/kubeclient that referenced this pull request May 3, 2019
@cben
CHANGELOG and README for 4.4.0 release
7346bd8 
ManageIQ#404, ManageIQ#406, ManageIQ#407, ManageIQ#410.
@cben cben mentioned this pull request May 3, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cben cben cben approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@benlangfeld @cben