keycloak-scim

History

Alexander Bokovoy 1915f11cba OAuth2DeviceConfig: fix polling interval defaults Instead of DEFAULT_OAUTH2_DEVICE_POLLING_INTERVAL, constant for the lifespan was used to initialize the default polling interval. This leads to inability to continuously poll the result as the result stuck in the actionTokens cache for far longer than expected (600 seconds instead of 5 seconds). As a result, only the first request for the token succeeds if a resource owner already did grant the access. If that has not happened, any additional polling within 600 seconds would get rejected with a 'slow_down' response. This makes hard to write OAuth 2.0 clients using device code authorization grant flow against multiple IdPs. Microsoft's implementation of OAuth 2.0 device code grant flow requires 'nudging' the Authorization Server's token endpoint before it even starts recognizing the device code. Keycloak mismatch of the polling interval default makes this flow impossible. Closes #12327 Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>	2022-06-06 11:54:56 +02:00
..
src	OAuth2DeviceConfig: fix polling interval defaults	2022-06-06 11:54:56 +02:00
pom.xml	Set version to 999-SNAPSHOT (#10784 )	2022-03-22 09:22:48 +01:00

Alexander Bokovoy 1915f11cba OAuth2DeviceConfig: fix polling interval defaults

Instead of DEFAULT_OAUTH2_DEVICE_POLLING_INTERVAL, constant for the
lifespan was used to initialize the default polling interval.

This leads to inability to continuously poll the result as the result
stuck in the actionTokens cache for far longer than expected (600
seconds instead of 5 seconds). As a result, only the first request for
the token succeeds if a resource owner already did grant the access. If
that has not happened, any additional polling within 600 seconds would
get rejected with a 'slow_down' response.

This makes hard to write OAuth 2.0 clients using device code
authorization grant flow against multiple IdPs. Microsoft's
implementation of OAuth 2.0 device code grant flow requires 'nudging'
the Authorization Server's token endpoint before it even starts
recognizing the device code. Keycloak mismatch of the polling interval
default makes this flow impossible.

Closes #12327

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

2022-06-06 11:54:56 +02:00

src

OAuth2DeviceConfig: fix polling interval defaults

2022-06-06 11:54:56 +02:00

pom.xml

Set version to 999-SNAPSHOT (#10784 )

2022-03-22 09:22:48 +01:00