Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable an option to config the leeway for claim validation #228

Merged
merged 3 commits into from May 5, 2020

Conversation

1zg12
Copy link
Contributor

@1zg12 1zg12 commented May 5, 2020

Issues

Fixes: #229

Background

At the moment, the existing valid method allows a passed in configuration to set some leeways.

For example:

def validate(self, now=None, leeway=0):

However, this has been hardcoded to 2 minutes in the invocation.

For example:

claims.validate(leeway=120)

Changes

This will enable an option for developers to configure the leeway as designated.

So that when we call the parse_id_token, in addition to the existing option

        try:
           # this has a default leeway of 2 minutes
            userinfo = oauth.keycloak.parse_id_token(token) 
        except Exception as e:
            log.error(f"Got a malformed response", e)

we can also set up

        try:
           # this has a configured leeway of 0 minutes
            userinfo = oauth.keycloak.parse_id_token(token, leeway=0) 
        except Exception as e:
            log.error(f"Got a malformed response", e)

What kind of change does this PR introduce? (check at least one)

  • Bugfix
  • Feature
  • Code style update
  • Refactor
  • Other, please describe:

Does this PR introduce a breaking change? (check one)

  • Yes
  • No

  • You consent that the copyright of your pull request source code belongs to Authlib's author.

Jackie Li added 2 commits May 5, 2020
…https://github.com/lepture/authlib

* 'master' of github.com:1wpro2/authlib:
  load sponsors later
  Update sponsors
  Fix carbon script
  Add django and flask demo link
  Fix sponsors script
  Fix lint errors
  Load server metadata before request
  Remove extra kwargs of ensure_active_token
  JWK set kid can be optional
  Fix OAuth 1 authorization server docs
  subclass OAuthError
  Fixing the name of the Nonce model
  Fixing Typo
  Removing the extra args while refreshing token

* 'master' of https://github.com/lepture/authlib:
  load sponsors later
  Update sponsors
  Fix carbon script
  Add django and flask demo link
  Fix sponsors script
  Fix lint errors
  Load server metadata before request
  Remove extra kwargs of ensure_active_token
  JWK set kid can be optional
  Fix OAuth 1 authorization server docs
  subclass OAuthError
  Fixing the name of the Nonce model
  Fixing Typo
  Removing the extra args while refreshing token
@1zg12 1zg12 marked this pull request as ready for review May 5, 2020
@1zg12 1zg12 changed the title Enable the option for config the leeway for token and claim validation Enable the option to config the leeway for token and claim validation May 5, 2020
@1zg12 1zg12 changed the title Enable the option to config the leeway for token and claim validation Enable the option to config the leeway for claim validation May 5, 2020
@1zg12 1zg12 changed the title Enable the option to config the leeway for claim validation Enable an option to config the leeway for claim validation May 5, 2020
@lepture
Copy link
Owner

@lepture lepture commented May 5, 2020

eh, tests passed. I need to improve the test case, your change should fail the test case.

Co-authored-by: Hsiaoming Yang <me@lepture.com>
@lepture lepture merged commit 49c470e into lepture:master May 5, 2020
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants