django/utils: Get access token renewal date from proper dict field
ClosedPublic
Actions

Authored by anlambert on Mar 17 2021, 6:07 PM.

Details

Reviewers

ardumont

Group Reviewers

Reviewers

Commits

rDAUTH679c0a5e608a: django/utils: Get access token renewal date from proper dict field

Summary

In the dictionary decoded from an OIDC access token, the iat field store
the token creation date while the auth_time field store the date the
OIDC session was opened.

In order to get an accurate authentication time, the date stored in
the iat field must be used as it corresponds to the time an access
token was refreshed and thus the latest valid authentication date.

Related to D5269

Diff Detail

Repository

rDAUTH Common authentication libraries

Lint

Automatic diff as part of commit; lint not applicable.

Unit

Automatic diff as part of commit; unit tests not applicable.

Event Timeline

anlambert created this revision.Mar 17 2021, 6:07 PM

Herald added a reviewer: Reviewers. · View Herald TranscriptMar 17 2021, 6:07 PM

anlambert edited the summary of this revision. (Show Details)Mar 17 2021, 6:08 PM

anlambert mentioned this in D5269: auth/backends: Fix cache TTL computation for OIDC profile.

Build is green

Patch application report for D5271 (id=18883)

Rebasing onto 148c9d4f3f...

Current branch diff-target is up to date.

Changes applied before test

commit 26943048531717e1b35eff2270bbd0a8d6a6e57f
Author: Antoine Lambert <antoine.lambert@inria.fr>
Date:   Wed Mar 17 18:02:03 2021 +0100

    django/utils: Get access token renewal date from proper dict field
    
    In the dictionry decoded from an OIDC access token, the iat field store
    the token creation date while the auth_time field store the date the
    OIDC session was opened.
    
    In order to get an accurate authentication time, the date stored in
    the iat field must be used as it corresponds to the time an access
    token was refreshed and thus the latest valid authentication date.

See https://jenkins.softwareheritage.org/job/DAUTH/job/tests-on-diff/32/ for more details.

Harbormaster completed remote builds in B19974: Diff 18883.Mar 17 2021, 6:08 PM

anlambert requested review of this revision.Mar 17 2021, 6:08 PM

ardumont accepted this revision.Mar 17 2021, 6:11 PM

This revision is now accepted and ready to land.Mar 17 2021, 6:11 PM

Thanks.

Fix typo in commit message

anlambert edited the summary of this revision. (Show Details)Mar 17 2021, 6:14 PM

Build is green

Patch application report for D5271 (id=18887)

Rebasing onto 148c9d4f3f...

Current branch diff-target is up to date.

Changes applied before test

commit 679c0a5e608a0bb7833c61b1e658a0507d9c32bc
Author: Antoine Lambert <antoine.lambert@inria.fr>
Date:   Wed Mar 17 18:02:03 2021 +0100

    django/utils: Get access token renewal date from proper dict field
    
    In the dictionary decoded from an OIDC access token, the iat field store
    the token creation date while the auth_time field store the date the
    OIDC session was opened.
    
    In order to get an accurate authentication time, the date stored in
    the iat field must be used as it corresponds to the time an access
    token was refreshed and thus the latest valid authentication date.

See https://jenkins.softwareheritage.org/job/DAUTH/job/tests-on-diff/33/ for more details.

Harbormaster completed remote builds in B19976: Diff 18887.Mar 17 2021, 6:15 PM

Closed by commit rDAUTH679c0a5e608a: django/utils: Get access token renewal date from proper dict field (authored by anlambert). · Explain WhyMar 17 2021, 6:15 PM

This revision was automatically updated to reflect the committed changes.

anlambert added a commit: rDAUTH679c0a5e608a: django/utils: Get access token renewal date from proper dict field.