This repository has been archived by the owner on Jul 14, 2024. It is now read-only.

Token cache expiration is way too long #124

Open
tbroyer opened this issue Nov 13, 2015 · 2 comments

Comments

@tbroyer
Contributor

tbroyer commented Nov 13, 2015

Tokens are currently cached for one hour (because that's their default lifetime):
https://github.com/pole-numerique/oasis-datacore/blob/203ea2a3a4aae79111282ace1a2e7b84254b3830/oasis-datacore-rest-server/src/main/resources/datacore-server-ehcache.xml#L20-L24

That's way too long!

Imagine that a token is being used maliciously (after it has leaked, or because of a subverted/pwnd or malicious client). Assuming the malicious usage has been detected and the token has been revoked, the DC will still happily accept it for one hour because it's in the cache.

There's another similar issue with the current implementation: the exp field in the introspection response (see https://tools.ietf.org/html/rfc7662) is never used; that means a token could possibly be accepted up to one hour after it has actually expired: in case it's successfully used for the first time on the DC just before it expires, the DC will happily accept for one hour starting at that point because it's in the cache, irrespective of the token expiration.

@mdutoo
Collaborator

mdutoo commented Nov 16, 2015

Solution: for now, let's take it down to 5 minutes, which is of an order of magnitude similar to manual token revocation, while still preserving mass import performance.

LATER implement cache obsolescence on Kernel notification, or re-check cached tokens in a background thread pool (courtesy of @tbroyer: https://github.com/pole-numerique/oasis-sample-dataprovider-servlets/blob/db7bc2afb0213a0381a8cc16fb39ddc624a725af/src/main/java/oasis/samples/dataprovider/auth/OasisAuth.java#L65-L104)...
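The two failure modes raised above (a revoked token surviving in the cache for the full TTL, and a cached entry outliving the token's own `exp`) and the 5-minute TTL proposed as the short-term fix, shown together as an added example in Python that is not the project's code: the `introspect` callable, the token values and the fake clock are constructed for the demo.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict

CACHE_TTL_SECONDS = 5 * 60  # the 5-minute value proposed in the issue


@dataclass
class CacheEntry:
    active: bool
    expires_at: float  # epoch seconds after which this entry must be discarded


class IntrospectionCache:
    """Caches RFC 7662 introspection results, bounded by TTL *and* by `exp`."""

    def __init__(self, introspect: Callable[[str], Dict],
                 ttl: float = CACHE_TTL_SECONDS, clock=time.time):
        self._introspect = introspect  # hypothetical call to the authorization server
        self._ttl, self._clock = ttl, clock  # clock is injectable for testing
        self._entries: Dict[str, CacheEntry] = {}
        self.introspection_calls = 0

    def is_active(self, token: str) -> bool:
        now = self._clock()
        entry = self._entries.get(token)
        if entry is not None and now < entry.expires_at:
            return entry.active  # fresh enough: answer from cache
        self.introspection_calls += 1
        resp = self._introspect(token)
        active = bool(resp.get("active", False))
        expires_at = now + self._ttl
        if active and "exp" in resp:
            exp = float(resp["exp"])
            if exp <= now:  # server still says active, but the token has expired
                active = False
            expires_at = min(expires_at, exp)  # entry dies no later than the token
        self._entries[token] = CacheEntry(active, expires_at)
        return active


def demo() -> Dict[str, object]:
    """Walk a fake clock through both failure modes; constructed data only."""
    clock = [1_000.0]
    state = {"t1": {"active": True, "exp": 1_120.0},  # t1 expires in 2 minutes
             "t2": {"active": True, "exp": 9_999.0}}
    cache = IntrospectionCache(lambda t: state.get(t, {"active": False}),
                               clock=lambda: clock[0])
    seen = {"t1_first": cache.is_active("t1")}       # True, introspected
    clock[0] += 60
    seen["t1_cached"] = cache.is_active("t1")        # True, served from cache
    clock[0] += 90                                   # now past exp: entry discarded
    seen["t1_after_exp"] = cache.is_active("t1")     # False although server unchanged
    seen["t2_first"] = cache.is_active("t2")         # True
    state["t2"] = {"active": False}                  # token revoked at the server
    clock[0] += 299
    seen["t2_within_ttl"] = cache.is_active("t2")    # True: stale for at most the TTL
    clock[0] += 1
    seen["t2_after_ttl"] = cache.is_active("t2")     # False: re-checked after 5 minutes
    seen["calls"] = cache.introspection_calls        # 4
    return seen
```

The worst-case window for a revoked token is now exactly the TTL, and an `exp` in the past is never honoured regardless of what the cache holds.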

mdutoo pushed a commit that referenced this issue Nov 20, 2015
@mdutoo
Collaborator

mdutoo commented Nov 20, 2015

Short term solution done, tagging as low priority.
