Enable an option to config the leeway for claim validation #228

Merged: 3 commits merged on May 5, 2020

Contributor

@1zg12 1zg12 commented May 5, 2020

Issues

Fixes: #229

Background

At the moment, the existing validate method allows a passed-in configuration to set some leeway.

For example:

def validate(self, now=None, leeway=0):

However, this has been hardcoded to 2 minutes in the invocation.

For example:

claims.validate(leeway=120)

Changes

This will enable an option for developers to configure the leeway as designated.

So that when we call the parse_id_token, in addition to the existing option

        try:
            # this has a default leeway of 2 minutes
            userinfo = oauth.keycloak.parse_id_token(token)
        except Exception as e:
            # pass the exception through a %s placeholder so logging can format it
            log.error("Got a malformed response: %s", e)

we can also set up

        try:
            # this has a configured leeway of 0 minutes
            userinfo = oauth.keycloak.parse_id_token(token, leeway=0)
        except Exception as e:
            # pass the exception through a %s placeholder so logging can format it
            log.error("Got a malformed response: %s", e)

What kind of change does this PR introduce? (check at least one)

  • Bugfix
  • Feature
  • Code style update
  • Refactor
  • Other, please describe:

Does this PR introduce a breaking change? (check one)

  • Yes
  • No

  • You consent that the copyright of your pull request source code belongs to Authlib's author.
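
Added example (not part of this pull request and not Authlib's code): a stdlib-only sketch of how a leeway value widens the acceptance window for the `exp` and `nbf` claims, showing that a token 90 seconds past expiry passes with the 120-second value described above and fails with `leeway=0`. The function names, `ClaimError`, and the sample claims are hypothetical and constructed for illustration.

```python
# Added example: leeway semantics for time-based JWT claims (RFC 7519 exp/nbf).
# Hypothetical names; this is not Authlib's implementation.
import time


class ClaimError(ValueError):
    """Raised when a time-based claim fails validation."""


def validate_time_claims(claims, now=None, leeway=0):
    """Check 'exp' and 'nbf' against `now`, tolerating `leeway` seconds of clock skew."""
    if isinstance(leeway, bool) or not isinstance(leeway, (int, float)) or leeway < 0:
        raise ValueError("leeway must be a non-negative number of seconds")
    now = time.time() if now is None else now
    for name in ("exp", "nbf"):
        if name not in claims:
            continue
        value = claims[name]
        # bool is an int subclass; reject it so True/False never pass as timestamps
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            raise ClaimError(f"{name} must be a numeric timestamp")
        # leeway extends validity past 'exp' and before 'nbf' by the same amount
        if name == "exp" and value < now - leeway:
            raise ClaimError("token expired")
        if name == "nbf" and value > now + leeway:
            raise ClaimError("token not yet valid")
    return True


def accepted(claims, now, leeway):
    """Return True/False instead of raising, for side-by-side comparison."""
    try:
        return validate_time_claims(claims, now=now, leeway=leeway)
    except ClaimError:
        return False


# Constructed sample: a token that expired 90 seconds before NOW.
NOW = 1_588_660_000
EXPIRED_90S_AGO = {"sub": "alice", "nbf": NOW - 390, "exp": NOW - 90}

if __name__ == "__main__":
    for leeway in (120, 60, 0):
        print(f"leeway={leeway:>3}s accepted={accepted(EXPIRED_90S_AGO, NOW, leeway)}")
```

With a fixed 120-second leeway every token stays usable for two minutes beyond its stated `exp`, which is why a caller with synchronized clocks or short-lived tokens may want to pass a smaller value.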

Jackie Li added 2 commits May 5, 2020 14:43
…https://github.com/lepture/authlib

* 'master' of github.com:1wpro2/authlib:
  load sponsors later
  Update sponsors
  Fix carbon script
  Add django and flask demo link
  Fix sponsors script
  Fix lint errors
  Load server metadata before request
  Remove extra kwargs of ensure_active_token
  JWK set kid can be optional
  Fix OAuth 1 authorization server docs
  subclass OAuthError
  Fixing the name of the Nonce model
  Fixing Typo
  Removing the extra args while refreshing token

* 'master' of https://github.com/lepture/authlib:
  load sponsors later
  Update sponsors
  Fix carbon script
  Add django and flask demo link
  Fix sponsors script
  Fix lint errors
  Load server metadata before request
  Remove extra kwargs of ensure_active_token
  JWK set kid can be optional
  Fix OAuth 1 authorization server docs
  subclass OAuthError
  Fixing the name of the Nonce model
  Fixing Typo
  Removing the extra args while refreshing token
@1zg12 1zg12 marked this pull request as ready for review May 5, 2020 07:23
@1zg12 1zg12 changed the title Enable the option for config the leeway for token and claim validation Enable the option to config the leeway for token and claim validation May 5, 2020
@1zg12 1zg12 changed the title Enable the option to config the leeway for token and claim validation Enable the option to config the leeway for claim validation May 5, 2020
@1zg12 1zg12 changed the title Enable the option to config the leeway for claim validation Enable an option to config the leeway for claim validation May 5, 2020
@lepture
Owner

lepture commented May 5, 2020

eh, tests passed. I need to improve the test case, your change should fail the test case.

@lepture lepture merged commit 49c470e into lepture:master May 5, 2020
Development

Successfully merging this pull request may close these issues.

Option to configure leeway for claims validation