Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(oidc): Make state timeout duration configurable to support long taking sign in #362

Merged
merged 6 commits into from
Oct 18, 2023
Merged

feat(oidc): Make state timeout duration configurable to support long taking sign in #362

merged 6 commits into from
Oct 18, 2023

Conversation

carstendietrich
Copy link
Member

By default we invalidate all state params that are older than 30min, this means if you spent 30min on the login page of the identity provider and then came back to flamingo you would be greeted by a lovely state mismatch error.

Reasons for spending such a long time at the OIDC provider could be for example creating a new account with various verification steps.

Introducing a config to support long-running login/registrations. If not specified we'll stick to 30min.

tessig
tessig reviewed Oct 18, 2023
View reviewed changes
core/auth/oauth/oidc.go Outdated
stateTimeout := defaultStateTimeout

if oidcConfig.StateLifeTime != "" {
if duration, err := time.ParseDuration(oidcConfig.StateLifeTime); err == nil {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would prefer a user feedback on wrongly configured duration instead of silent fallback to default

@github-actions
Copy link
Contributor

Code Coverage

Package Line Rate Health
flamingo.me/flamingo/v3/core/auth 13%
flamingo.me/flamingo/v3/core/auth/fake 50%
flamingo.me/flamingo/v3/core/auth/http 40%
flamingo.me/flamingo/v3/core/auth/oauth 49%
flamingo.me/flamingo/v3/core/cache 65%
flamingo.me/flamingo/v3/core/gotemplate 87%
flamingo.me/flamingo/v3/core/healthcheck/interfaces/controllers 76%
flamingo.me/flamingo/v3/core/healthcheck 66%
flamingo.me/flamingo/v3/core/internalauth/application 100%
flamingo.me/flamingo/v3/core/internalauth 100%
flamingo.me/flamingo/v3/core/locale/application 87%
flamingo.me/flamingo/v3/core/locale/domain 75%
flamingo.me/flamingo/v3/core/locale/interfaces/controllers 100%
flamingo.me/flamingo/v3/core/locale/interfaces/templatefunctions 92%
flamingo.me/flamingo/v3/core/locale 59%
flamingo.me/flamingo/v3/core/oauth/application 4%
flamingo.me/flamingo/v3/core/oauth/domain 62%
flamingo.me/flamingo/v3/core/oauth 55%
flamingo.me/flamingo/v3/core/requestlogger 100%
flamingo.me/flamingo/v3/core/requesttask 10%
flamingo.me/flamingo/v3/core/robotstxt 50%
flamingo.me/flamingo/v3/core/runtime 77%
flamingo.me/flamingo/v3/core/security/application/role 95%
flamingo.me/flamingo/v3/core/security/application 98%
flamingo.me/flamingo/v3/core/security/application/voter 100%
flamingo.me/flamingo/v3/core/security/interface/controller 100%
flamingo.me/flamingo/v3/core/security/interface/middleware 72%
flamingo.me/flamingo/v3/core/security 59%
flamingo.me/flamingo/v3/core/zap 81%
flamingo.me/flamingo/v3/framework/cmd 12%
flamingo.me/flamingo/v3/framework/config 49%
flamingo.me/flamingo/v3/framework/flamingo 40%
flamingo.me/flamingo/v3/framework 29%
flamingo.me/flamingo/v3/framework/opencensus 88%
flamingo.me/flamingo/v3/framework/prefixrouter 43%
flamingo.me/flamingo/v3/framework/systemendpoint 27%
flamingo.me/flamingo/v3/framework/testutil 0%
flamingo.me/flamingo/v3/framework/web 49%
Summary 51% (3486 / 6794)

@carstendietrich carstendietrich merged commit f410758 into master Oct 18, 2023
5 checks passed
@carstendietrich carstendietrich deleted the feat/oidc-make-state-lifetime-configurable branch October 18, 2023 15:02
@github-actions github-actions bot mentioned this pull request Oct 18, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tessig tessig tessig approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@carstendietrich @tessig