-
Notifications
You must be signed in to change notification settings - Fork 96
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improvements with OKTA OIDC provider integration #385
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is not easy to test so I only inspected the code right now.
On a first inspection your changes look understandable.
I have a few of points that I think we should consider:
- Testing: How to test this: We have several use cases now that use openID. I'd like to be sure that this doesn't break existing implementations. I think we should start to configure this auth system on our dev server (with azure or github at least) o to configure a battery of tests. I think there should be some also some unit tests to make this functionality less prone to future regressions due to code changes.
- There was a
fiveMinutesFromNow
beharvior that has been removed. As far as I remember, it was there to prevent to ask for a new token if the current is not even near to expire yet. With this logic change, it will create ask a new token on every refresh session call (that mapstore sends every 30 seconds ? - I noticed you replicated the same logic in case of token expiration (redirecting to login). I think also this workflow should be tested with MapStore too, because as far as I remember the refresh call is an ajax call, so I have the suspect that in that case it will not work properly. Lookign at the documentation a refresh token expiration is not taken into account or not documented yet.
So I'd suggest:
- To list the test you did to verify this functionality, in order to make us able to check the behavior.
- Add some unit tests if possible
- We also need to improve the documentation with the refresh token logic, maybe
Replying to the points above:
|
|
I totally agree with the following:
We need to coordinate for this first
@offtherailz do you want to provide a MS doc update for this with a PR? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
I removed target and source compiler version as asked by @afabiani .
Let's wait for the build to see if tests still passing
This PR improves the way how GeoStore handles the
refresh-token
request by: