Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor(auth): remove refresh token expiration handling #994

Merged
merged 1 commit into from
Oct 18, 2024
Merged

refactor(auth): remove refresh token expiration handling #994

merged 1 commit into from
Oct 18, 2024

Conversation

aofei
Copy link
Member

@aofei aofei commented Oct 18, 2024

  • Remove handling of refresh token expiration as Casdoor never returns refresh_expires_in1.
  • Treat refresh tokens as always valid as they are renewed with each access token refresh2.
  • Return 401 Unauthorized instead of 500 Internal Server Error when JWT parsing fails.

Footnotes

  1. https://github.com/casdoor/casdoor/blob/6f1f93725e77c8288aa0ac1c0d996feff906ddcf/object/token_oauth.go#L383-L390

  2. https://github.com/casdoor/casdoor/blob/6f1f93725e77c8288aa0ac1c0d996feff906ddcf/object/token_oauth.go#L351-L376

nighca
nighca reviewed Oct 18, 2024
View reviewed changes
spx-gui/src/stores/user.ts Show resolved Hide resolved
spx-gui/src/stores/user.ts Outdated Show resolved Hide resolved
nighca
nighca reviewed Oct 18, 2024
View reviewed changes
spx-gui/src/stores/user.ts Outdated Show resolved Hide resolved
@aofei
refactor(auth): remove refresh token expiration handling
0706b97 
- Remove handling of refresh token expiration as Casdoor never returns
`refresh_expires_in`[^1].
- Treat refresh tokens as always valid as they are renewed with each
access token refresh[^2].
- Return `401 Unauthorized` instead of `500 Internal Server Error` when
JWT parsing fails.

[^1]: https://github.com/casdoor/casdoor/blob/6f1f93725e77c8288aa0ac1c0d996feff906ddcf/object/token_oauth.go#L383-L390
[^2]: https://github.com/casdoor/casdoor/blob/6f1f93725e77c8288aa0ac1c0d996feff906ddcf/object/token_oauth.go#L351-L376

Signed-off-by: Aofei Sheng <aofei@aofeisheng.com>
@qiniu-ci
Copy link

This PR has been deployed to the preview environment. You can explore it using the preview URL.

Warning

Please note that deployments in the preview environment are temporary and will be automatically cleaned up after a certain period. Make sure to explore it before it is removed. For any questions, contact the Go+ Builder team.

nighca
nighca approved these changes Oct 18, 2024
View reviewed changes
Copy link
Collaborator

@nighca nighca left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

其他没问题,先 approve 了

@aofei aofei merged commit 2eee8bf into goplus:dev Oct 18, 2024
7 checks passed
@aofei aofei deleted the auth branch October 18, 2024 03:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nighca nighca nighca approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@aofei @qiniu-ci @nighca