OAuth2DeviceConfig: fix polling interval defaults
Instead of DEFAULT_OAUTH2_DEVICE_POLLING_INTERVAL, constant for the lifespan was used to initialize the default polling interval. This leads to inability to continuously poll the result as the result stuck in the actionTokens cache for far longer than expected (600 seconds instead of 5 seconds). As a result, only the first request for the token succeeds if a resource owner already did grant the access. If that has not happened, any additional polling within 600 seconds would get rejected with a 'slow_down' response. This makes hard to write OAuth 2.0 clients using device code authorization grant flow against multiple IdPs. Microsoft's implementation of OAuth 2.0 device code grant flow requires 'nudging' the Authorization Server's token endpoint before it even starts recognizing the device code. Keycloak mismatch of the polling interval default makes this flow impossible. Closes #12327 Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
parent
3889eeda30
commit
1915f11cba
1 changed files with 2 additions and 2 deletions
|
@ -47,7 +47,7 @@ public final class OAuth2DeviceConfig implements Serializable {
|
||||||
private transient Supplier<RealmModel> realmForWrite;
|
private transient Supplier<RealmModel> realmForWrite;
|
||||||
|
|
||||||
private int lifespan = DEFAULT_OAUTH2_DEVICE_CODE_LIFESPAN;
|
private int lifespan = DEFAULT_OAUTH2_DEVICE_CODE_LIFESPAN;
|
||||||
private int poolingInterval = DEFAULT_OAUTH2_DEVICE_CODE_LIFESPAN;
|
private int poolingInterval = DEFAULT_OAUTH2_DEVICE_POLLING_INTERVAL;
|
||||||
|
|
||||||
public OAuth2DeviceConfig(RealmModel realm) {
|
public OAuth2DeviceConfig(RealmModel realm) {
|
||||||
this.realm = () -> realm;
|
this.realm = () -> realm;
|
||||||
|
|
Loading…
Reference in a new issue