syncope-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SYNCOPE-1420) Expired Access Tokens might impede successful authentication
Date Fri, 21 Dec 2018 11:03:00 GMT

    [ https://issues.apache.org/jira/browse/SYNCOPE-1420?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16726657#comment-16726657
] 

ASF subversion and git services commented on SYNCOPE-1420:
----------------------------------------------------------

Commit 79964a9d6bc62c4baced7864db417729a54cd989 in syncope's branch refs/heads/2_1_X from
Francesco Chicchiriccò
[ https://gitbox.apache.org/repos/asf?p=syncope.git;h=79964a9 ]

[SYNCOPE-1420] Replacing expired access tokens upon login


> Expired Access Tokens might impede successful authentication
> ------------------------------------------------------------
>
>                 Key: SYNCOPE-1420
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1420
>             Project: Syncope
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 2.0.11, 2.1.2
>            Reporter: Francesco Chicchiriccò
>            Assignee: Francesco Chicchiriccò
>            Priority: Major
>              Labels: jwt
>             Fix For: 2.0.12, 2.1.3, 3.0.0
>
>
> The {{ExpiredAccessTokenCleanup}} task is set to run every 5 minutes by default: this
timing can be reduced to 2 minutes, but not less - as any other job driven by Quartz.
> It could happen, then, that for a period of at least 2 minutes (5 by default), all authentication
attempts will fail by any user which owns an expired, yet still not removed, Access Token.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message