Enforce refresh token clean-up #130

Merged
merged 5 commits into from
Sep 11, 2024

Contributor

@enolfc enolfc commented Sep 9, 2024

Summary

Remove the stale user info whenever the refresh process fails so the user is forced to authenticate again from scratch. This will force obtaining a new refresh token; before, the broken token would remain unchanged when logging in via JWT.

Also check the validity of the access token so the refresh does not need to happen if the user has a valid token in place.


Related issue :

Also do not try to refresh if the access token is still valid
@enolfc enolfc marked this pull request as ready for review September 9, 2024 13:35
Contributor

@andrea-manzi andrea-manzi left a comment

Looks good! @valtri, can you give it a try on the testing installation?

@valtri
Contributor

valtri commented Sep 9, 2024

There is some unrelated problem in JWT wrapper with oauthenticator 16.3.0 (from the older changes):

To use the fastapi command, please install "fastapi[standard]":

	pip install "fastapi[standard]"

Traceback (most recent call last):
  File "/usr/local/bin/fastapi", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/usr/local/lib/python3.11/site-packages/fastapi/cli.py", line 12, in main
    raise RuntimeError(message)  # noqa: B904
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^
RuntimeError: To use the fastapi command, please install "fastapi[standard]":

	pip install "fastapi[standard]"

But it works with the oauthenticator 16.1.0.

@enolfc
Contributor Author

enolfc commented Sep 10, 2024

> There is some unrelated problem in JWT wrapper with oauthenticator 16.3.0 (from the older changes):
>
> To use the fastapi command, please install "fastapi[standard]":
>
> 	pip install "fastapi[standard]"
>
> Traceback (most recent call last):
>   File "/usr/local/bin/fastapi", line 8, in <module>
>     sys.exit(main())
>              ^^^^^^
>   File "/usr/local/lib/python3.11/site-packages/fastapi/cli.py", line 12, in main
>     raise RuntimeError(message)  # noqa: B904
>     ^^^^^^^^^^^^^^^^^^^^^^^^^^^
> RuntimeError: To use the fastapi command, please install "fastapi[standard]":
>
> 	pip install "fastapi[standard]"
>
> But it works with the oauthenticator 16.1.0.

Fixed

Contributor

@valtri valtri left a comment

Looks good!

@valtri valtri merged commit bebde36 into EGI-Federation:main Sep 11, 2024
3 checks passed
@enolfc enolfc deleted the jwt-refresh branch September 11, 2024 11:58
3 participants