Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Cache token introspection response from OIDC provider #16117

Merged
merged 4 commits into from
Aug 17, 2023
Merged

Cache token introspection response from OIDC provider #16117

merged 4 commits into from
Aug 17, 2023

Conversation

H-Shay
Copy link
Contributor

@H-Shay H-Shay commented Aug 15, 2023

This PR adds an expiring cache to the result of the _introspect_token of the MSC3861DelegatedAuth class. The cache expires after five minutes, and the token introspection response is checked for expiration both when the response is pulled from the cache and when the response is received over network (although I am not sure if the second check is necessary, would the authorizing server ever send an introspection response with an expired exp field?).

A follow-on PR will add an endpoint for receiving revocations from the authorizing server.

@H-Shay H-Shay requested a review from a team as a code owner August 15, 2023 22:00
@H-Shay H-Shay mentioned this pull request Aug 15, 2023
Closed
erikjohnston
erikjohnston reviewed Aug 16, 2023
View reviewed changes
Copy link
Member

@erikjohnston erikjohnston left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this looks good, thanks!

synapse/api/auth/msc3861_delegated.py Show resolved Hide resolved
synapse/api/auth/msc3861_delegated.py Outdated Show resolved Hide resolved
synapse/api/auth/msc3861_delegated.py Outdated Show resolved Hide resolved
@erikjohnston
Copy link
Member

Have requested review from @sandhose just to triple check this is the correct logic.

@H-Shay H-Shay mentioned this pull request Aug 16, 2023
Merged
@H-Shay
Copy link
Contributor Author

H-Shay commented Aug 17, 2023

@erikjohnston per the meeting - are you fine with me going ahead and merging this?

@erikjohnston
Copy link
Member

Why?

@erikjohnston
Copy link
Member

By why, I mean yes! Sorry, got distracted writing that one word response....

@erikjohnston
Copy link
Member

Merge it!

@H-Shay H-Shay merged commit 54a51ff into develop Aug 17, 2023
37 checks passed
@H-Shay H-Shay deleted the shay/token_cache branch August 17, 2023 17:53
@H-Shay
Copy link
Contributor Author

H-Shay commented Aug 17, 2023

Merged #16117 into develop, thanks for the review!

@sandhose sandhose mentioned this pull request Sep 5, 2023
Merged
sandhose added a commit that referenced this pull request Sep 5, 2023
@sandhose
Revert "Cache token introspection response from OIDC provider (#16117)"
08f4675 
This reverts commit 54a51ff.
@erikjohnston erikjohnston mentioned this pull request Sep 7, 2023
Open
@matrixbot matrixbot mentioned this pull request Dec 22, 2023
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@erikjohnston erikjohnston erikjohnston left review comments

@sandhose sandhose Awaiting requested review from sandhose

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@H-Shay @erikjohnston