Add missing OAuth 2.0 fields to token settings (#4253)

This commit is contained in:
Erik Jan de Wit 2023-02-01 18:19:04 +01:00 committed by GitHub
parent 97339a616d
commit 3047749890
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 65 additions and 12 deletions

View file

@ -66,6 +66,8 @@
"clientLoginTimeout": "Max time a client has to finish the access token protocol. This should normally be 1 minute.",
"userInitiatedActionLifespan": "Maximum time before an action permit sent by a user (such as a forgot password e-mail) is expired. This value is recommended to be short because it's expected that the user would react to self-created action quickly.",
"defaultAdminInitiatedActionLifespan": "Maximum time before an action permit sent to a user by administrator is expired. This value is recommended to be long to allow administrators to send e-mails for users that are currently offline. The default timeout can be overridden immediately before issuing the token.",
"oAuthDeviceCodeLifespan": "Max time before the device code and user code are expired. This value needs to be a long enough lifetime to be usable (allowing the user to retrieve their secondary device, navigate to the verification URI, login, etc.), but should be sufficiently short to limit the usability of a code obtained for phishing.",
"oAuthDevicePollingInterval": "The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint.",
"shortVerificationUriTooltip": "If set, this value will be return as verification_uri in Device Authorization flow. This uri need to redirect to {server-root}/realms/{realm}/device",
"overrideActionTokens": "Override default settings of maximum time before an action permit sent by a user (such as a forgot password e-mail) is expired for specific action. This value is recommended to be short because it's expected that the user would react to self-created action quickly.",
"internationalization": "If enabled, you can choose which locales you support for this realm and which locale is the default.",

View file

@ -202,6 +202,8 @@
"clientLoginTimeout": "Client Login Timeout",
"userInitiatedActionLifespan": "User-Initiated Action Lifespan",
"defaultAdminInitiated": "Default Admin-Initiated Action Lifespan",
"oAuthDeviceCodeLifespan": "OAuth 2.0 Device Code Lifespan",
"oAuthDevicePollingInterval": "OAuth 2.0 Device Polling Interval",
"shortVerificationUri": "Short verification_uri in Device Authorization flow",
"emailVerification": "Email Verification",
"idpAccountEmailVerification": "IdP account email verification",

View file

@ -140,6 +140,61 @@ export const RealmSettingsTokensTab = ({
/>
</FormGroup>
<FormGroup
label={t("oAuthDeviceCodeLifespan")}
fieldId="oAuthDeviceCodeLifespan"
labelIcon={
<HelpItem
helpText="realm-settings-help:oAuthDeviceCodeLifespan"
fieldLabelId="realm-settings:oAuthDeviceCodeLifespan"
/>
}
>
<Controller
name="oauth2DeviceCodeLifespan"
defaultValue={0}
control={form.control}
render={({ field }) => (
<TimeSelector
id="oAuthDeviceCodeLifespan"
data-testid="oAuthDeviceCodeLifespan"
value={field.value || 0}
onChange={field.onChange}
units={["minute", "hour", "day"]}
/>
)}
/>
</FormGroup>
<FormGroup
label={t("oAuthDevicePollingInterval")}
fieldId="oAuthDevicePollingInterval"
labelIcon={
<HelpItem
helpText="realm-settings-help:oAuthDevicePollingInterval"
fieldLabelId="realm-settings:oAuthDevicePollingInterval"
/>
}
>
<Controller
name="oauth2DevicePollingInterval"
defaultValue={0}
control={form.control}
render={({ field }) => (
<NumberInput
id="oAuthDevicePollingInterval"
value={field.value}
min={0}
onPlus={() => field.onChange(field.value || 0 + 1)}
onMinus={() => field.onChange(field.value || 0 - 1)}
onChange={(event) => {
const newValue = Number(event.currentTarget.value);
field.onChange(!isNaN(newValue) ? newValue : 0);
}}
placeholder={t("oAuthDevicePollingInterval")}
/>
)}
/>
</FormGroup>
<FormGroup
label={t("shortVerificationUri")}
fieldId="shortVerificationUri"
@ -150,18 +205,10 @@ export const RealmSettingsTokensTab = ({
/>
}
>
<Controller
name="attributes.shortVerificationUri"
defaultValue=""
control={form.control}
render={({ field }) => (
<KeycloakTextInput
id="shortVerificationUri"
value={field.value}
onChange={field.onChange}
placeholder={t("shortVerificationUri")}
/>
)}
{...form.register("attributes.shortVerificationUri")}
/>
</FormGroup>
</FormAccess>

View file

@ -75,6 +75,8 @@ export default interface RealmRepresentation {
maxFailureWaitSeconds?: number;
minimumQuickLoginWaitSeconds?: number;
notBefore?: number;
oauth2DeviceCodeLifespan?: number;
oauth2DevicePollingInterval?: number;
offlineSessionIdleTimeout?: number;
offlineSessionMaxLifespan?: number;
offlineSessionMaxLifespanEnabled?: boolean;