
utils: Use iat field as fallback when auth_time is not provided
Closed, Public

Authored by ardumont on Mar 13 2021, 10:45 AM.

Details

Summary

The auth_time is not always provided, depending on the authentication flow used. The
field iat is provided, for example, in the direct grant access flow, so use it instead as
a fallback.

Related to T2858

[1] Related to P975

[2] https://github.com/keycloak/keycloak-documentation/blob/master/server_development/topics/action-token-spi.adoc#anatomy-of-action-token
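A sketch of the fallback described in the summary, added here as an illustration and not the code from this revision. The function names and sample claims are hypothetical, and `claims` is assumed to be the payload of a token whose signature has already been verified. It also returns which claim supplied the timestamp, because `iat` is the time the token was issued rather than the time the user authenticated.

```python
from datetime import datetime, timezone
from typing import Any, Mapping, Optional, Tuple

# Constructed sample payloads (not taken from the revision).
DIRECT_GRANT = {"sub": "constructed-user", "iat": 1615628622}  # no auth_time
BROWSER_FLOW = {"sub": "constructed-user", "auth_time": 1615628000,
                "iat": 1615628622}


def _epoch(claims: Mapping[str, Any], name: str) -> Optional[datetime]:
    """Return claim `name` as an aware UTC datetime, or None if unusable."""
    value = claims.get(name)
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        return None
    try:
        return datetime.fromtimestamp(value, tz=timezone.utc)
    except (OverflowError, OSError, ValueError):
        return None  # NaN, infinity or an out-of-range timestamp


def auth_datetime(claims: Mapping[str, Any]) -> Tuple[datetime, str]:
    """Prefer auth_time; fall back to iat. Returns (datetime, source claim)."""
    for name in ("auth_time", "iat"):
        when = _epoch(claims, name)
        if when is not None:
            return when, name
    raise ValueError("token carries neither a usable auth_time nor iat claim")


def satisfies_max_age(claims: Mapping[str, Any], max_age_s: int,
                      now: datetime) -> bool:
    """Recent-login check that does not accept the iat fallback as evidence."""
    when, source = auth_datetime(claims)
    if source != "auth_time":
        # A refreshed token gets a new iat, so iat alone does not show
        # when the user last authenticated.
        return False
    return (now - when).total_seconds() <= max_age_s
```

Callers that only display a login date can use `auth_datetime` directly; callers that enforce re-authentication should check the returned source.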

Diff Detail

Repository
rDAUTH Common authentication libraries
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

Build is green

Patch application report for D5243 (id=18795)

Rebasing onto 9d1659b938...

Current branch diff-target is up to date.
Changes applied before test
commit 09a442910d828700aecca3bc87f35fe19d784c44
Author: Antoine R. Dumont (@ardumont) <ardumont@softwareheritage.org>
Date:   Sat Mar 13 10:43:42 2021 +0100

    utils: Add fallback datetime extract when auth_time is not provided
    
    At least when using direct grant connect flow, the auth_time seems not provided. The iat
    key is though.
    
    Related to T2858

See https://jenkins.softwareheritage.org/job/DAUTH/job/tests-on-diff/29/ for more details.

I don't think it's enough.
I'll double check.

Switch to use iat field altogether

ardumont retitled this revision from "utils: Add fallback datetime extract when auth_time is not provided" to "utils: Switch to use iat field for authentication time". Mar 15 2021, 12:37 PM
ardumont edited the summary of this revision.

Build is green

Patch application report for D5243 (id=18811)

Rebasing onto 9d1659b938...

Current branch diff-target is up to date.
Changes applied before test
commit 8831721ebe359b5d355f91d06c1211c96ffdf1c9
Author: Antoine R. Dumont (@ardumont) <ardumont@softwareheritage.org>
Date:   Sat Mar 13 10:43:42 2021 +0100

    utils: Switch to use iat field for authentication time
    
    The auth_time is not always provided depending on the authentication flow used. The
    field iat provides the same information and is always delivered.
    
    Related to T2858

See https://jenkins.softwareheritage.org/job/DAUTH/job/tests-on-diff/30/ for more details.

Use fallback behavior as it's deemed less side-effects prone for other flows.

ardumont retitled this revision from "utils: Switch to use iat field for authentication time" to "utils: Use iat field as fallback when auth_time is not provided". Mar 15 2021, 12:46 PM
ardumont edited the summary of this revision.

Build is green

Patch application report for D5243 (id=18812)

Rebasing onto 9d1659b938...

Current branch diff-target is up to date.
Changes applied before test
commit 148c9d4f3fae212be6ef5be6befa0743fa3824ac
Author: Antoine R. Dumont (@ardumont) <ardumont@softwareheritage.org>
Date:   Sat Mar 13 10:43:42 2021 +0100

    utils: Use iat field as fallback when auth_time is not provided
    
    The auth_time is not always provided depending on the authentication flow used. The
    field iat is provided for example in the direct grant access flow so use it instead as
    fallback.
    
    Related to T2858

See https://jenkins.softwareheritage.org/job/DAUTH/job/tests-on-diff/31/ for more details.

This revision is now accepted and ready to land. Mar 15 2021, 2:02 PM