[ https://issues.apache.org/jira/browse/NIFI-4210?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16109940#comment-16109940 ] ASF GitHub Bot commented on NIFI-4210: -------------------------------------- Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/2047#discussion_r130748639 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/oidc/OidcService.java --- 
@@ -0,0 +1,207 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.security.oidc;
+
+import com.google.common.cache.Cache;
+import com.google.common.cache.CacheBuilder;
+import com.nimbusds.oauth2.sdk.AuthorizationGrant;
+import com.nimbusds.oauth2.sdk.Scope;
+import com.nimbusds.oauth2.sdk.id.State;
+import org.apache.nifi.web.security.util.CacheKey;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.net.URI;
+import java.security.SecureRandom;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.TimeUnit;
+
+import static org.apache.nifi.web.security.oidc.StandardOidcIdentityProvider.OPEN_ID_CONNECT_SUPPORT_IS_NOT_CONFIGURED;
+
+/**
+ * OidcService is a service for managing the OpenId Connect Authorization flow.
+ */
+public class OidcService {
+
+ private OidcIdentityProvider identityProvider;
+ private Cache stateLookupForPendingRequests; // identifier from cookie -> state value
+ private Cache jwtLookupForCompletedRequests; // identifier from cookie -> jwt or identity (and generate jwt on retrieval)
+
+ /**
+ * Creates a new OtpService with an expiration of 5 minutes.
+ */
+ public OidcService(final OidcIdentityProvider identityProvider) {
+ this(identityProvider, 60, TimeUnit.SECONDS);
--- End diff --
The Javadoc says the expiration is 5 minutes, but it looks like this is hardcoded to 1 minute. > Add OpenId Connect support for authenticating users > --------------------------------------------------- > > Key: NIFI-4210 > URL: https://issues.apache.org/jira/browse/NIFI-4210 > Project: Apache NiFi > Issue Type: Improvement > Components: Core Framework, Core UI > Reporter: Matt Gilman > Assignee: Matt Gilman > > Add support for authenticating users with the OpenId Connection specification. Evaluate whether a new extension point is necessary to allow for a given provider to supply custom code for instance to implement custom token validation. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
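Review bot: The constructor Javadoc at the end of this excerpt names the class `OtpService`, which looks like a leftover from another service and should read `OidcService`; it also lacks an `@param identityProvider` line. The trailing comment on `jwtLookupForCompletedRequests` says `jwt or identity (and generate jwt on retrieval)`, which leaves open what is actually cached; since the entry stands in for a completed login, the comment should commit to one, e.g. `// identifier from cookie -> NiFi JWT, removed on first retrieval` if that is the intended behaviour. As rendered here both fields are raw `Cache` (the type arguments may have been lost in the mail rendering); if they are raw in the file, parameterize them with the imported `CacheKey` and `State` types. The class body and the three-argument constructor that builds the caches continue outside the quoted hunk, so the single-use and expiry behaviour cannot be confirmed from these lines.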