[4/n] Let user request a specific TTL for a token #8231
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
david-crespo
force-pushed
the
device-auth-ttl
branch
2 times, most recently
from
67e596d to
1f03596
Compare
7 tasks
david-crespo
force-pushed
the
device-auth-ttl
branch
2 times, most recently
from
fb2efbe to
72c81dd
Compare
david-crespo
force-pushed
the
device-auth-ttl
branch
from
72c81dd to
ae3cd6b
Compare
david-crespo
force-pushed
the
device-tokens-api
branch
from
214811b to
f18022c
Compare
david-crespo
force-pushed
the
device-auth-ttl
branch
from
ae3cd6b to
47f0a8b
Compare
david-crespo
force-pushed
the
device-tokens-api
branch
from
f18022c to
6811931
Compare
david-crespo
force-pushed
the
device-auth-ttl
branch
2 times, most recently
from
e9b8ab1 to
28485f3
Compare
david-crespo
force-pushed
the
device-tokens-api
branch
from
6811931 to
1467bfd
Compare
david-crespo
force-pushed
the
device-auth-ttl
branch
from
28485f3 to
771b719
Compare
david-crespo
force-pushed
the
device-tokens-api
branch
from
1467bfd to
3e15398
Compare
7 tasks
david-crespo
force-pushed
the
device-auth-ttl
branch
from
771b719 to
9890dfe
Compare
david-crespo
force-pushed
the
device-tokens-api
branch
from
3e15398 to
f6a9934
Compare
david-crespo
force-pushed
the
device-tokens-api
branch
from
f6a9934 to
66254ea
Compare
david-crespo
force-pushed
the
device-auth-ttl
branch
from
9890dfe to
2c789de
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #8147.
Built on #8137, #8214, and #8227.
This is pretty straightforward, I think. The user gives us a TTL in seconds at token request time. We store it on the request row. When they come back in the later step to confirm the code and generate the token, we retrieve the TTL, validate that it is less than the silo max (if one is set), and we use it to generate the
time_expirestimestamp, which cannot be changed later.One slightly surprising bit is that we can't validate the TTL against the silo max at initial request time because we don't have any idea what silo the user is associated with until the confirm step. So probably want to make sure we are handling TTL validation errors nicely in the web console, because I think that's where they will show up.