[
https://issues.apache.org/jira/browse/KNOX-3038?focusedWorklogId=918500&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-918500
]
ASF GitHub Bot logged work on KNOX-3038:
----------------------------------------
Author: ASF GitHub Bot
Created on: 09/May/24 09:00
Start Date: 09/May/24 09:00
Worklog Time Spent: 10m
Work Description: smolnar82 opened a new pull request, #907:
URL: https://github.com/apache/knox/pull/907
## What changes were proposed in this pull request?
To honor the contract of the existing expiration time field in Knox Tokens,
I removed the override in the new `OAuthResource` class. Thus, everything that
depends on this field will be the same as in the case of our "regular" tokens
(token eviction is the most important piece here).
To indicate the actual OAuth token lifetime, I added a new field in the
generated JSON response called `lifetime_secs` that indicates what @lmccay
wanted to have in the `expires_in` field in his original patch.
## How was this patch tested?
Updated JUnit tests and executed manual testing:
```
$ curl -ik -X POST -H "Content-Type: application/x-www-form-urlencoded" \
    --data "grant_type=client_credentials" --data "client_id=$CLIENT_ID" \
    --data-urlencode "client_secret=$CLIENT_SECRET" \
    https://localhost:8443/gateway/tokenbased/oauth/v1/token
HTTP/1.1 200 OK
Date: Thu, 09 May 2024 08:18:18 GMT
Content-Type: application/json
Content-Length: 1098
{"access_token":"eyJqa...0ijh_g","refresh_token":"a36bafd4...9491-7e17e710a004","lifetime_secs":10368000,"issued_token_type":"urn:ietf:params:oauth:token-type:access_token","token_type":"Bearer","expires_in":1725610698544}
```
The `tokenbased` topology was configured with
`knox.token.ttl = 10368000000`. As you can see, the `lifetime_secs` field in the response got
populated as expected (converted the given TTL milliseconds to seconds).
Issue Time Tracking
-------------------
Worklog Id: (was: 918500)
Remaining Estimate: 0h
Time Spent: 10m
> OAuth resource tokens are short-lived
> -------------------------------------
>
> Key: KNOX-3038
> URL: https://issues.apache.org/jira/browse/KNOX-3038
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 2.1.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Blocker
> Fix For: 2.1.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The tokens generated using the new OAuth resource (see KNOX-3028 for details)
> have their expiration time in a format that indicates the time (in
> milliseconds) from the epoch. This is wrong because the reaper thread will
> eliminate them as soon as the next time it's triggered.
> It's also important to emphasize that tokens generated on the path need some
> sort of indication of this value in the response.
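
As an added example (not code from the pull request or from Apache Knox), a Python client-side check that derives the expiry from a response shaped like the one in the manual test: it reads `expires_in` as milliseconds since the epoch and `lifetime_secs` as seconds, as the sample shows, and rejects a response in which the two disagree. The names `token_expiry`, `MAX_SKEW` and `EPOCH`, the 60-second tolerance and the placeholder token strings are assumptions of this example.

```python
import json
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
MAX_SKEW = timedelta(seconds=60)  # assumed tolerance between the two fields

# Constructed sample: the body from the manual test, with the elided token
# values replaced by placeholders, and the Date header of that response.
SAMPLE_BODY = json.dumps({
    "access_token": "ACCESS_TOKEN_PLACEHOLDER",
    "refresh_token": "REFRESH_TOKEN_PLACEHOLDER",
    "lifetime_secs": 10368000,
    "issued_token_type": "urn:ietf:params:oauth:token-type:access_token",
    "token_type": "Bearer",
    "expires_in": 1725610698544,
})
SAMPLE_RECEIVED = datetime(2024, 5, 9, 8, 18, 18, tzinfo=timezone.utc)


def _positive_int(fields, name):
    """Return fields[name] if it is a positive integer, None if absent."""
    value = fields.get(name)
    if value is None:
        return None
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(value, bool) or not isinstance(value, int) or value <= 0:
        raise ValueError(f"{name} must be a positive integer, got {value!r}")
    return value


def token_expiry(body, received_at):
    """Absolute UTC expiry of a token response received at received_at."""
    fields = json.loads(body)
    expires_in = _positive_int(fields, "expires_in")    # epoch milliseconds
    lifetime = _positive_int(fields, "lifetime_secs")   # seconds from receipt
    absolute = EPOCH + timedelta(milliseconds=expires_in) if expires_in else None
    relative = received_at + timedelta(seconds=lifetime) if lifetime else None
    if absolute is None and relative is None:
        raise ValueError("response carries no expiry information")
    if absolute and relative and abs(absolute - relative) > MAX_SKEW:
        raise ValueError("expires_in and lifetime_secs disagree")
    expiry = absolute or relative
    if expiry <= received_at:
        raise ValueError("token is already expired on receipt")
    return expiry
```

A value of `10368000` placed in `expires_in` (a lifetime in seconds, which is how RFC 6749 defines that field) is rejected by this check, because read as epoch milliseconds it lands in January 1970.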