From 1915f11cbad87306bf6a94803581e60a0f02b404 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Mon, 9 May 2022 10:16:31 +0300
Subject: [PATCH] OAuth2DeviceConfig: fix polling interval defaults
Instead of DEFAULT_OAUTH2_DEVICE_POLLING_INTERVAL, constant for the lifespan was used to initialize the default polling interval. This leads to inability to continuously poll the result as the result stuck in the actionTokens cache for far longer than expected (600 seconds instead of 5 seconds). As a result, only the first request for the token succeeds if a resource owner already did grant the access. If that has not happened, any additional polling within 600 seconds would get rejected with a 'slow_down' response. This makes hard to write OAuth 2.0 clients using device code authorization grant flow against multiple IdPs. Microsoft's implementation of OAuth 2.0 device code grant flow requires 'nudging' the Authorization Server's token endpoint before it even starts recognizing the device code. Keycloak mismatch of the polling interval default makes this flow impossible.
Closes #12327
Signed-off-by: Alexander Bokovoy
---
 .../src/main/java/org/keycloak/models/OAuth2DeviceConfig.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/server-spi/src/main/java/org/keycloak/models/OAuth2DeviceConfig.java b/server-spi/src/main/java/org/keycloak/models/OAuth2DeviceConfig.java
index 1b51c08928..8ea25554db 100644
--- a/server-spi/src/main/java/org/keycloak/models/OAuth2DeviceConfig.java
+++ b/server-spi/src/main/java/org/keycloak/models/OAuth2DeviceConfig.java
@@ -47,7 +47,7 @@ public final class OAuth2DeviceConfig implements Serializable {
 private transient Supplier realmForWrite;
 private int lifespan = DEFAULT_OAUTH2_DEVICE_CODE_LIFESPAN;
- private int poolingInterval = DEFAULT_OAUTH2_DEVICE_CODE_LIFESPAN;
+ private int poolingInterval = DEFAULT_OAUTH2_DEVICE_POLLING_INTERVAL;
 public OAuth2DeviceConfig(RealmModel realm) {
 this.realm = () -> realm;
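Review bot: Nothing in this commit pins the corrected default on `private int poolingInterval = DEFAULT_OAUTH2_DEVICE_POLLING_INTERVAL;` — the diffstat lists only OAuth2DeviceConfig.java, and because both defaults are plain `int` constants the compiler cannot catch the same mix-up if it is reintroduced. A unit test that builds the config for a realm with no device-flow attributes and asserts that the interval equals `DEFAULT_OAUTH2_DEVICE_POLLING_INTERVAL` and the lifespan equals `DEFAULT_OAUTH2_DEVICE_CODE_LIFESPAN` would guard it. Since the commit message says this value also determines how long a `slow_down` throttle entry stays cached, a field comment such as `// seconds between token-endpoint polls; not the device-code lifetime` would make the distinction explicit. The constructor that starts at the end of this hunk continues outside it, so whether realms that already persisted the old 600-second value pick up the new default cannot be confirmed from here and is worth checking separately.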
@@ -135,4 +135,4 @@ public final class OAuth2DeviceConfig implements Serializable {
 realm.setAttribute(name, value);
 }
 }
-}
\ No newline at end of file
+}