Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: rate-limiting #9

Closed
wants to merge 21 commits into from
Closed

fix: rate-limiting #9

wants to merge 21 commits into from

Conversation

nsklikas
Copy link

  • fix rate limiting logic
  • Do no validate the request when issuing the response.This caused issues with the introduction of rate-limiting. For this reason I broke up code validation into 2 functions: ValidateCode and ValidateCodeSession. The first needs to implement fast checks that can be performed before we fetch the code session from the database and the second implements the existing ValidateCode logic, that validates the code session data (e.g. if the code has expired).

nsklikas and others added 21 commits February 9, 2024 14:31
@nsklikas
fix: Use Requester param in WriteAccessError
4137808 
The WriteAccessError is used to construct error responses as described
in Section 5.2 of [RFC6749]. It is not limited to access token
responses.

Perhaps we should rename the function to Rfc6749TokenError.
@nsklikas
fix: generalize validateAuthorizeAudience method
7ef1fb0
@nsklikas
feat: add device flow base logic
4474d73
@nsklikas
fix: add handler for device authorization req
ffd3661
@nsklikas
fix: add device flow handlers to compose
f04f7ec
@nsklikas
fix: update memory storage
eb86df8
@nsklikas
chore: update integration tests
f2c68de
@nsklikas
fix: review comments
e4e1fe8
@nsklikas
fix: update license
7b76727
@nsklikas
Merge pull request #2 from canonical/IAM-653
fee676b 
Implement the device authorization endpoint
@wood-push-melon
feat: implement the access token handling for device authorization flow
222821e 
feat: add the access token endpoint handling for device authorization flow
@wood-push-melon
fix: passing the correct authorization request when validating if the…
e0fcc99 
… auth/device code is expired
@wood-push-melon
feat: error handling for authorization pending in device flow
aba04a6
@wood-push-melon
test: reorganize the testcases
88af7ea
@wood-push-melon
chore: resolve comments
4078ede
@wood-push-melon
Merge pull request #6 from canonical/IAM-722
b5e1e1d 
feat: error handling for authorization pending in device flow
@wood-push-melon
fix: fix oauth2 core storage interface and device flow session type a…
91d5a11 
…ssertion
@wood-push-melon
Merge pull request #7 from canonical/IAM-772
3c931a9 
fix: fix oauth2 core storage interface and device flow session type assertion
@nsklikas
fix: implement rate limiting
9994a15
@nsklikas
fix: update license
f80621e
@nsklikas
Merge pull request #8 from canonical/IAM-734
a42695b 
fix: token endpoint rate limiting
@nsklikas nsklikas closed this Mar 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nsklikas @wood-push-melon