feat(oauth2): revalidate access tokens #4603
related to #4585
Some details to this: Why isn't the refresh working? Solution:
…/bpm/spring/boot/starter/security/oauth2/impl/AuthorizeTokenFilter.java Co-authored-by: yanavasileva <[email protected]>
👍 I have a comment for the clock.
Tested with Okta after log out+5 min:
2024-09-17T17:11:27.830+02:00 DEBUG 24580 --- [nio-8080-exec-7] o.c.b.s.b.s.s.o.i.AuthorizeTokenFilter : Authorize successful, access token expiry: 2024-09-17T15:11:42.154988400Z
2024-09-17T17:11:27.831+02:00 DEBUG 24580 --- [nio-8080-exec-7] s.b.s.s.o.i.OAuth2AuthenticationProvider : Authenticated user 'peter'
2024-09-17T17:11:27.835+02:00 DEBUG 24580 --- [nio-8080-exec-7] o.c.b.s.b.s.s.o.i.OAuth2IdentityProvider : Using OAuth2IdentityProvider
2024-09-17T17:11:27.835+02:00 DEBUG 24580 --- [nio-8080-exec-7] o.c.b.s.b.s.s.o.i.OAuth2IdentityProvider : Using OAuth2IdentityProvider
2024-09-17T17:11:27.836+02:00 DEBUG 24580 --- [nio-8080-exec-7] o.c.b.s.b.s.s.o.i.OAuth2IdentityProvider : Using OAuth2IdentityProvider
2024-09-17T17:11:49.080+02:00 WARN 24580 --- [nio-8080-exec-5] o.c.b.s.b.s.s.o.i.AuthorizeTokenFilter : Authorize failed: could not re-authorize expired access token
👍 Looks good. I re-tested Okta with clear user sessions, seems fine to me. I didn't test Cognito.
2024-09-19T08:49:47.941+02:00 DEBUG 29164 --- [nio-8080-exec-7] o.c.b.s.b.s.s.o.i.AuthorizeTokenFilter : Authorize successful, access token expiry: 2024-09-19T06:54:47.511099300Z
2024-09-19T08:49:47.943+02:00 DEBUG 29164 --- [nio-8080-exec-4] s.b.s.s.o.i.OAuth2AuthenticationProvider : Authenticated user 'peter'
2024-09-19T08:49:47.943+02:00 DEBUG 29164 --- [nio-8080-exec-7] s.b.s.s.o.i.OAuth2AuthenticationProvider : Authenticated user 'peter'
2024-09-19T08:55:41.275+02:00 WARN 29164 --- [nio-8080-exec-4] o.c.b.s.b.s.s.o.i.AuthorizeTokenFilter : Authorize failed: [invalid_grant] The refresh token is invalid or expired.
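An added example, not part of the pull request or the project's code: a small log check that pairs each `Authorize failed` line from `AuthorizeTokenFilter` with the most recently logged access token expiry and reports how long after expiry the request was rejected. The log lines are copied from the two review comments above; the function and field names are hypothetical, and pairing by process id is an assumption that only holds for a single-user test run like these, since the lines carry no session id.

```python
import re
from datetime import datetime

# Log lines copied from the two review comments (AuthorizeTokenFilter lines only).
SAMPLE_LOG = """\
2024-09-17T17:11:27.830+02:00 DEBUG 24580 --- [nio-8080-exec-7] o.c.b.s.b.s.s.o.i.AuthorizeTokenFilter : Authorize successful, access token expiry: 2024-09-17T15:11:42.154988400Z
2024-09-17T17:11:49.080+02:00 WARN 24580 --- [nio-8080-exec-5] o.c.b.s.b.s.s.o.i.AuthorizeTokenFilter : Authorize failed: could not re-authorize expired access token
2024-09-19T08:49:47.941+02:00 DEBUG 29164 --- [nio-8080-exec-7] o.c.b.s.b.s.s.o.i.AuthorizeTokenFilter : Authorize successful, access token expiry: 2024-09-19T06:54:47.511099300Z
2024-09-19T08:55:41.275+02:00 WARN 29164 --- [nio-8080-exec-4] o.c.b.s.b.s.s.o.i.AuthorizeTokenFilter : Authorize failed: [invalid_grant] The refresh token is invalid or expired.
"""

LINE = re.compile(r"^(\S+) +(DEBUG|WARN) +(\d+) --- \[[^\]]+\] \S*AuthorizeTokenFilter +: (.*)$")
EXPIRY = re.compile(r"Authorize successful, access token expiry: (\S+)$")


def parse_instant(text):
    # The expiry is printed with 9 fractional digits and a 'Z' suffix, while the
    # log timestamp uses a +02:00 offset; normalise both to aware datetimes.
    text = re.sub(r"(\.\d{6})\d+", r"\1", text).replace("Z", "+00:00")
    return datetime.fromisoformat(text)


def failures_after_expiry(log_text):
    """Pair each failed authorization with the last logged expiry of the same process."""
    last_expiry = {}  # pid -> expiry of the most recently authorized access token
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an AuthorizeTokenFilter line
        ts, _level, pid, msg = m.groups()
        when = parse_instant(ts)
        ok = EXPIRY.match(msg)
        if ok:
            last_expiry[pid] = parse_instant(ok.group(1))
        elif msg.startswith("Authorize failed") and pid in last_expiry:
            lag = (when - last_expiry[pid]).total_seconds()
            # A negative lag would mean a rejection before the logged expiry.
            findings.append({"rejected_at": when, "expired_at": last_expiry[pid],
                             "seconds_after_expiry": round(lag, 3), "reason": msg})
    return findings


if __name__ == "__main__":
    for f in failures_after_expiry(SAMPLE_LOG):
        print(f["rejected_at"].isoformat(), f["seconds_after_expiry"], f["reason"])
```

In both test runs the rejection comes only after the logged access token expiry, so the lifetime of the access token bounds how long a session ended at the identity provider keeps working.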
Distro-ee is failing, but it seems to be flakiness or a not up-to-date branch.
Yes, something is off with the