[Iplant-api-dev] OAuth expire time inconsistent

Rion Dooley dooley at tacc.utexas.edu
Fri Mar 27 07:36:07 MST 2015


Joe will be able to comment in much greater depth about our OAuth2 implementation, but this specific question is easily explained. When you log in, you have established who you are and are granted a bearer token valid for 4 hours. If you authenticate again, you have proved who you are again and get another 4-hour token. Password flow requests are idempotent. The fact that you have the username and password speaks to the trust required to initiate that flow.

On the other hand, when you bounce around between multiple flows, alternating between authentications in high trust and low trust scenarios, your token can get rejected in the lower trust scenario. I don’t think this is necessarily the best approach, and it’s something that is already addressed in the next version of our server, but it is what it is right now.

—
Rion

On Mar 27, 2015, at 9:14 AM, Duvick, Jonathan P [GDCBS] <jduvick at iastate.edu> wrote:

Another curious observation: multiple logins (grant-type=password) with the same credentials return different 'expires_in' times, with the first one off by 5 minutes relative to subsequent logins.
Example:
1st login:  expires_in = 1427474948
2nd login: expires_in = 1427474648
3rd login: expires_in = 1427474648


Jon Duvick
PlantGDB Manager
http://www.plantgdb.org/
Department of Genetics, Development and Cell Biology
2258 Molecular Biology Building
Iowa State University
Ames IA 50011

(515) 294-2360
(515) 294-6755 FAX