HomeSoftware Heritage
Diffusion Web applications 3250335c25c5

auth/backends: Use offline refresh token for Web API authentication
3250335c25c5
Actions

This commit no longer exists in the repository. It may have been part of a branch which was deleted.

Description

auth/backends: Use offline refresh token for Web API authentication

For commodity of use for Web API users, simplify the OIDC authentication worflow
by handling access token renewal directly in the DRF authentication backend.

This means once a user gets his offline refresh token, he can store it and uses
it to authenticate all his API calls until the token gets revocated.

To limit the number of requests sent to the authentication provider (Keycloak),
access tokens are put in cache until they expire (usually a couple of minutes).

Related to T1927

Details

Provenance
anlambertAuthored on Aug 27 2020, 11:27 AM
anlambertPushed on Aug 27 2020, 6:51 PM
Differential Revision
D3849: auth/backends: Use offline refresh token for Web API authentication
Tasks
T1927: Web app: rate limiting based on per-client API tokens
Build Status
Buildable 14833
Build 22851: test-and-buildJenkins console · Jenkins

Commit No Longer Exists

This commit no longer exists in the repository.
About · Developer information · Legal