Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes issue with expiryTime of OIDC cookie that causes refreshToken workflow to be skipped #1990

Merged
merged 17 commits into from
Jun 11, 2024
Merged

Fixes issue with expiryTime of OIDC cookie that causes refreshToken workflow to be skipped #1990

merged 17 commits into from
Jun 11, 2024

Conversation

cwperks
Copy link
Member

@cwperks cwperks commented Jun 10, 2024

Description

I branched off of the PR submitted by @Alankarsharma and added a unit test that verifies the OIDC refresh token flow.

This also updates one more area where the expiryTime is computed after a token refresh where it gets the new expiry time of the credentials (access token) from the refreshToken response's idToken.

Category

Bug fix

Issues Resolved

Check List

  • New functionality includes testing
  • New functionality has been documented
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Alankarsharma and others added 13 commits April 30, 2024 21:30
@Alankarsharma
Bug fix
d17c115 
Signed-off-by: Alankarsharma <alankar.sharma005@gmail.com>
@Alankarsharma
Update cookie expiry as well
7774f82 
Signed-off-by: Alankarsharma <alankar.sharma005@gmail.com>
@Alankarsharma
Lint issue fix
9fe50db 
Signed-off-by: Alankarsharma <alankar.sharma005@gmail.com>
@Alankarsharma
Merge branch 'main' into main
aa97b1a
@Alankarsharma
fixed test case
1440b4f 
Signed-off-by: Alankarsharma <alankar.sharma005@gmail.com>
@Alankarsharma
Merge branch 'main' of https://github.com/Alankarsharma/security-dash…
7305cfc 
…boards-plugin
@Alankarsharma
Merge branch 'main' into main
00b9784
@DarshitChanpura
Merge branch 'main' into main
1c4ba56
@DarshitChanpura
Merge branch 'main' into main
0aa44fb
@cwperks
Add test for refresh token workflow in OIDC
9d170d6 
Signed-off-by: Craig Perkins <cwperx@amazon.com>
@cwperks
Merge branch 'main' into oidc-refresh-token-test
5f4d2b7
@cwperks
Merge branch 'main' into main
d6c989f
@cwperks
Merge branch 'alankar-main' into oidc-refresh-token-test
89961e7
@cwperks
Fix assertion
8dc6f37 
Signed-off-by: Craig Perkins <cwperx@amazon.com>
@cwperks cwperks mentioned this pull request Jun 10, 2024
Closed
3 tasks
@codecov Codecov
Copy link

codecov bot commented Jun 10, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 70.61%. Comparing base (489ae54) to head (cb7aea8).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1990   +/-   ##
=======================================
  Coverage   70.61%   70.61%           
=======================================
  Files          97       97           
  Lines        2600     2600           
  Branches      380      380           
=======================================
  Hits         1836     1836           
  Misses        668      668           
  Partials       96       96

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@derek-ho derek-ho added the backport 2.x backport to 2.x branch label Jun 10, 2024
@cwperks
Update getKeepAliveExpiry logic for OIDC
da4b14d 
Signed-off-by: Craig Perkins <cwperx@amazon.com>
@stephen-crawford stephen-crawford merged commit 70f2a9c into opensearch-project:main Jun 11, 2024
19 checks passed
opensearch-trigger-bot bot pushed a commit that referenced this pull request Jun 11, 2024
@cwperks @github-actions
Fixes issue with expiryTime of OIDC cookie that causes refreshToken w…
d0eb123 
…orkflow to be skipped (#1990)

* Bug fix

Signed-off-by: Alankarsharma <alankar.sharma005@gmail.com>

* Update cookie expiry as well

Signed-off-by: Alankarsharma <alankar.sharma005@gmail.com>

* Lint issue fix

Signed-off-by: Alankarsharma <alankar.sharma005@gmail.com>

* fixed test case

Signed-off-by: Alankarsharma <alankar.sharma005@gmail.com>

* Add test for refresh token workflow in OIDC

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Fix assertion

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Update getKeepAliveExpiry logic for OIDC

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Add check to ensure mockClient.post is called

Signed-off-by: Craig Perkins <cwperx@amazon.com>

---------

Signed-off-by: Alankarsharma <alankar.sharma005@gmail.com>
Signed-off-by: Craig Perkins <cwperx@amazon.com>
Co-authored-by: Alankarsharma <alankar.sharma005@gmail.com>
Co-authored-by: Darshit Chanpura <dchanp@amazon.com>
(cherry picked from commit 70f2a9c)
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Jun 11, 2024
Merged
cwperks added a commit that referenced this pull request Jun 11, 2024
@opensearch-trigger-bot @cwperks
Fixes issue with expiryTime of OIDC cookie that causes refreshToken w…
d4b7371 
…orkflow to be skipped (#1990) (#1995)

* Bug fix

Signed-off-by: Alankarsharma <alankar.sharma005@gmail.com>

* Update cookie expiry as well

Signed-off-by: Alankarsharma <alankar.sharma005@gmail.com>

* Lint issue fix

Signed-off-by: Alankarsharma <alankar.sharma005@gmail.com>

* fixed test case

Signed-off-by: Alankarsharma <alankar.sharma005@gmail.com>

* Add test for refresh token workflow in OIDC

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Fix assertion

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Update getKeepAliveExpiry logic for OIDC

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Add check to ensure mockClient.post is called

Signed-off-by: Craig Perkins <cwperx@amazon.com>

---------

Signed-off-by: Alankarsharma <alankar.sharma005@gmail.com>
Signed-off-by: Craig Perkins <cwperx@amazon.com>
Co-authored-by: Alankarsharma <alankar.sharma005@gmail.com>
Co-authored-by: Darshit Chanpura <dchanp@amazon.com>
(cherry picked from commit 70f2a9c)

Co-authored-by: Craig Perkins <cwperx@amazon.com>
@derek-ho derek-ho mentioned this pull request Jun 21, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@derek-ho derek-ho derek-ho approved these changes

@stephen-crawford stephen-crawford stephen-crawford approved these changes

@cliu123 cliu123 Awaiting requested review from cliu123

@DarshitChanpura DarshitChanpura Awaiting requested review from DarshitChanpura DarshitChanpura is a code owner

@RyanL1997 RyanL1997 Awaiting requested review from RyanL1997 RyanL1997 is a code owner

Assignees
No one assigned
Labels
backport 2.x backport to 2.x branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@cwperks @derek-ho @stephen-crawford @Alankarsharma @DarshitChanpura