admin管理员组

文章数量:1123687

The state: 2 Quarkus apps with Rest endpoints using JWT tokens for auth.

The scenario:

A user calls the API of the first app using a JWT token that is close to expiration but not expired yet. Let’s say will expire in 5 seconds.

We have 2 Quarkus services, the first one accepts the call with the above token and after processing for 10 seconds it does a call to a second quarkus app using a token propagation rest client. As a result, the second call is failing with 401 Auth error forced from the second app, since the propagated token has been expired. Is there a solution to this problem?

What we already did:

We tried to extend lifespan the expiration check that quarkus does using several properties such below but nothing works:

quarkus.oidc.credentials.jwt.lifespan
quarkus.oidc.token.lifespan-grace
mp.jwt.verify.clock.skew

The only successful approach was to change the value of the io.quarkus.oidc. OidcTenantConfig.lifespanGrace by hand during a debug session. So, the question is how can we set a custom value in the above field using a property or a programmatic way?

The state: 2 Quarkus apps with Rest endpoints using JWT tokens for auth.

The scenario:

A user calls the API of the first app using a JWT token that is close to expiration but not expired yet. Let’s say will expire in 5 seconds.

We have 2 Quarkus services, the first one accepts the call with the above token and after processing for 10 seconds it does a call to a second quarkus app using a token propagation rest client. As a result, the second call is failing with 401 Auth error forced from the second app, since the propagated token has been expired. Is there a solution to this problem?

What we already did:

We tried to extend lifespan the expiration check that quarkus does using several properties such below but nothing works:

quarkus.oidc.credentials.jwt.lifespan
quarkus.oidc.token.lifespan-grace
mp.jwt.verify.clock.skew

The only successful approach was to change the value of the io.quarkus.oidc. OidcTenantConfig.lifespanGrace by hand during a debug session. So, the question is how can we set a custom value in the above field using a property or a programmatic way?

  • jwt
  • openid-connect
  • quarkus
Share Improve this question asked yesterday Tzoras SpirosTzoras Spiros 211 bronze badge 0
Add a comment  | 

1 Answer 1

Reset to default 0

Actually the quarkus.oidc.token.lifespan-grace=60 is doing the work as expected. Current time is allowed to be later than token expiration time by at most the configured number of seconds.

In my case this was not working because I was overriding the configuration using the implements TenantConfigResolver so I had to add the equivalent there config.getToken().setLifespanGrace(60);

本文标签: openid connectQuarkus JWT token expiration time extensionlifespan graceStack Overflow

版权声明:本文标题:openid connect - Quarkus JWT token expiration time extensionlifespan grace - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1736585876a1945009.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。