Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: have OAuth2 Proxy refresh the access token before it expires #173

Merged
merged 3 commits into from
Nov 19, 2024
Merged

feat: have OAuth2 Proxy refresh the access token before it expires #173

merged 3 commits into from
Nov 19, 2024

Conversation

steveherrin
Copy link
Contributor

@steveherrin steveherrin commented Nov 19, 2024
edited
Loading

I'm basing the settings on our existing Cognito pools and clients. This won't work if we need more control:

  • access tokens expire after 60 minutes, so renew at 59
  • refresh tokens expire after 30 days, so the default of 7 days is fine and I haven't made this configurable

There are others ways to do this. Every stack using the proxy could supply this via extraArgs, but that is leaving a trap for services to forget. There might be some way to keep this in sync with whatever we have set for Cognito, but that's beyond what I know how to do with my current knowledge of our infrastructure.

@steveherrin steveherrin changed the title fix: have OAuth2 Proxy refresh the access token before it expires feat: have OAuth2 Proxy refresh the access token before it expires Nov 19, 2024
@steveherrin
feat: have OAuth2 Proxy refresh the access token before it expires
816c04f 
I'm basing the default on our existing Cognito pools and clients. This
won't work if we need more control:

- access tokens expire after 60 minutes, so renew at 59
- refresh tokens expire after 30 days, so the default of 7 days is fine
  and I haven't made this configurable
jakeyheath
jakeyheath approved these changes Nov 19, 2024
View reviewed changes
Copy link
Contributor

@jakeyheath jakeyheath left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@steveherrin steveherrin merged commit 81188df into main Nov 19, 2024
13 checks passed
@steveherrin steveherrin deleted the sherrin/refresh-tokens branch November 19, 2024 23:17
@czi-github-helper czi-github-helper bot mentioned this pull request Nov 19, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jakeyheath jakeyheath jakeyheath approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@steveherrin @jakeyheath