Page MenuHomeSoftware Heritage

django/backends: Improve expired token handling
ClosedPublic

Authored by anlambert on Wed, Apr 7, 6:52 PM.

Details

Summary

I stumbled across that behavior when testing bearer tokens expiration
from swh-web API tokens Web UI (D5445).

The first time a user sends an expired token previously used to
perform authenticated Web API calls, Keycloak will return the
following error message: "Offline session not active".

Keycloak will then remove the offline session from its database
and future calls to a Web API with the expired token will
return the following error message: "Offline user session not found".

So handle that error message too for indicating a token has expired.

Related to T3121

Diff Detail

Repository
rDAUTH Common authentication libraries
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

Build is green

Patch application report for D5446 (id=19474)

Rebasing onto d06924ed00...

Current branch diff-target is up to date.
Changes applied before test
commit 309118c158d905d1b95ef73f518015b5dc113765
Author: Antoine Lambert <antoine.lambert@inria.fr>
Date:   Wed Apr 7 18:47:56 2021 +0200

    django/backends: Improve expired token handling
    
    The first time a user sends an expired token previously used to
    perform authenticated Web API calls, Keycloak will return the
    following error message: "Offline session not active".
    
    So handle that error message too for indicating a token has expired.
    
    Related to T3121

See https://jenkins.softwareheritage.org/job/DAUTH/job/tests-on-diff/69/ for more details.

This revision is now accepted and ready to land.Wed, Apr 7, 7:04 PM