Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refresh Token on Demand #2431

Open
wants to merge 28 commits into
base: master
Choose a base branch
from
Open

Refresh Token on Demand #2431

wants to merge 28 commits into from
+293 −17

Conversation

cmbaatz
Copy link

@cmbaatz cmbaatz commented Jan 22, 2024

Description

Adding a refresh endpoint that allows a user to refresh the JWT stored in the session without invalidating the session.

Motivation and Context

Within our application some mutable information is stored as attributes in our IDP (Keycloak). When a detail like a user's role or allowed tenants is updated we would like the ability to force the session store to refresh the JWT from our IDP in order to reflect the new values. We want to perform this operation in a way that is seamless to the user and doesn't require them to re-authenticate as this would be disruptive to their use of the application.

This issue was originally identified in issue #2019

How Has This Been Tested?

Yes,

  1. Tests were added to pkg/middleware/stored_session_test.go
  2. All existing tests were executed
  3. Code has been running in our production for 6+ months

Checklist:

  • My change requires a change to the documentation or CHANGELOG.
  • I have updated the documentation/CHANGELOG accordingly.
  • I have created a feature (non-master) branch for my PR.
  • I have written tests for my code changes.

@cmbaatz cmbaatz requested a review from a team as a code owner January 22, 2024 19:42
@cmbaatz cmbaatz changed the title Refresh Token on Demand WIP:Refresh Token on Demand Jan 23, 2024
@cmbaatz cmbaatz changed the title WIP:Refresh Token on Demand Refresh Token on Demand Jan 24, 2024
@cmbaatz
Copy link
Author

cmbaatz commented Jan 31, 2024

Is it possible to get this pull request reviewed? We find this feature extremely useful for our use case where we have data set in the JWT that may change overtime. The change allows us to force a refresh request from the IDP thereby allowing the JWT to be updated without forcing the user to reauthenticate.

@ljcodigo
Copy link

ljcodigo commented Feb 8, 2024

I agree with @cmbaatz, this will solve several use cases for more than one project 🚀

@ljcodigo
Copy link

PR Is up to date after @cmbaatz merge. :)

@cmbaatz
Copy link
Author

cmbaatz commented Feb 26, 2024

@JoelSpeed , @NickMeves, @tuunit , or @kvanzuijlen this my second attempt to contribute this code to the project and both times it appears that the PR is left to expire. At it's base all this code change does is expose the OIDC/Oauth2 refresh endpoint. How or why that's used by users is entirely up to their own needs from the proxy. How can I help move this PR forward?

@cmbaatz
Copy link
Author

cmbaatz commented Mar 20, 2024

@JoelSpeed, @NickMeves, @tuunit @kvanzuijlen
This PR has been waiting for review for nearly 2 months. How can I help move it up in the list of things to be reviewed?

JoelSpeed
JoelSpeed reviewed Mar 30, 2024
View reviewed changes
Copy link
Member

@JoelSpeed JoelSpeed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if we need to be adding some sort of rate limiting, or minimum refresh period to avoid users spamming this endpoint and causing issues, WDYT?

pkg/middleware/stored_session.go Show resolved Hide resolved
pkg/middleware/stored_session_test.go Show resolved Hide resolved
@ljcodigo
Copy link

ljcodigo commented Apr 1, 2024

I'm really happy that the code review for this PR started :) thanks @JoelSpeed and @cmbaatz :)

tuunit
tuunit requested changes Apr 1, 2024
View reviewed changes
CHANGELOG.md Outdated Show resolved Hide resolved
oauthproxy.go Outdated Show resolved Hide resolved
oauthproxy.go Outdated Show resolved Hide resolved
pkg/middleware/stored_session.go Show resolved Hide resolved
@devildant devildant mentioned this pull request Apr 2, 2024
Closed
@segaura segaura mentioned this pull request May 15, 2024
Closed
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jun 4, 2024

This pull request has been inactive for 60 days. If the pull request is still relevant please comment to re-activate the pull request. If no action is taken within 7 days, the pull request will be marked closed.

@github-actions github-actions bot added the Stale label Jun 4, 2024
@ljcodigo
Copy link

ljcodigo commented Jun 4, 2024

This pull request has been inactive for 60 days. If the pull request is still relevant please comment to re-activate the pull request. If no action is taken within 7 days, the pull request will be marked closed.

Please, don't die.

@github-actions github-actions bot removed the Stale label Jun 9, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Aug 9, 2024

This pull request has been inactive for 60 days. If the pull request is still relevant please comment to re-activate the pull request. If no action is taken within 7 days, the pull request will be marked closed.

@github-actions github-actions bot added the Stale label Aug 9, 2024
@github-actions github-actions bot closed this Aug 16, 2024
@tuunit tuunit reopened this Sep 15, 2024
@tuunit tuunit removed the Stale label Sep 15, 2024
@antoniocasagrande-airia
Copy link

antoniocasagrande-airia commented Dec 10, 2024
edited
Loading

Any updates on this? @cmbaatz do you have helm repo that I could use with your changes? Any plans to bump to latest version?

@jjmanton
Copy link

@tuunit Is there anything remaining on this PR that we can help to get it merged? This functionality would solve a big challenge for us.

@cmbaatz
Merge remote-tracking branch 'upstream/master' into feature/2019
4b33b7e 
# Conflicts:
#	docs/docs/features/endpoints.md
@cmbaatz
Copy link
Author

cmbaatz commented Dec 17, 2024

@tuunit Is there anything remaining on this PR that we can help to get it merged? This functionality would solve a big challenge for us.

@jjmanton So the code is all in place. Last that was asked back in April was for some help cleaning up some of the code in stored_session.go. I didn't have a lot of free time until now, and will try to get around to the work before the end of the year. If you want, I can help you build/deploy my branch onto your system. We have done that for years now and have not had issues.

fyi: @tuunit I just updated my branch, if you would like to forgo the cleanup on the legacy code. I know a number of users have been requesting this feature for some time.

@cmbaatz cmbaatz requested a review from tuunit December 31, 2024 19:21
@cmbaatz
Copy link
Author

cmbaatz commented Jan 4, 2025

@tuunit / @JoelSpeed
All the requested changes you had made have been completed a few weeks ago. Is there anything else I need to do to get this pull request approved?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JoelSpeed JoelSpeed JoelSpeed left review comments

@tuunit tuunit Awaiting requested review from tuunit

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
docs go tests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@cmbaatz @ljcodigo @antoniocasagrande-airia @jjmanton @JoelSpeed @tuunit