Add Support For Passing Nonce and Configurable JWT Expiry #22
Conversation
* Added support to the Python client to allow the nonce to be set in the auth URL * Added a client parameter to allow JWT expiry to be configured. * Updated some tests to check nonce validation.
|
The suggestions make sense, I will integrate changes to reflect you comments above. |
* Client now throws an exception if an out of range expiry was given on initialization; the value is furthermore clamped to between 0 seconds and 5 minutes where it's used. * Doc strings have been updated to reflect what the underlying OIDC API specifies around the state and nonce. * Tests have been added to verify that the expiry is checked correctly.
|
I have just pushed another commit that should hopefully address the points you've mentioned in the code review. |
|
@rpcope1 Thanks! This looks great. Just need to fix the linter issue so the tests will run, then I think we can get this merged. |
I just pushed a change set that I think will address the linter errors. Thank you so much for your help with this. |
|
I think enough has been added since the last release that it's worth putting one out. I'll try to get that done early next week. |
|
Thanks @rpcope1! The PR is merged and I'll try to get a release out next week. |
Description
Motivation and Context
I am working on integrating the Duo Universal prompt into an existing Python application that already does OIDC auth flows, and utilizing the OIDC nonce and potentially setting a shorter expiry window is being considered. These are supported in the Duo OIDC doc, but not exposed in the Python client library, so this would add that.
How Has This Been Tested?
Types of Changes