[WFCORE-5691] proposal for bearer token timeout introspection #578
Conversation
rsearls
force-pushed
the
EAP7-1856-Bearer-Token-Authorization-Timeout
branch
from
c351ece
to
1de0fea
Compare
|
Hi @rsearls. Please update the commit message, PR title and the 'Issue' section to focus on WFCORE-5691. These are upstream analyses so an EAP7 is at most a 'related issue' of interest to EAP developers who have the ability to view that project. Thanks! |
| @@ -0,0 +1,120 @@ | |||
| = [Preview] Bearer token timeout configurability will be added to WildFly's Elytron subsystem. | |||
There was a problem hiding this comment.
This needs to category front matter -- see the first seven lines of https://raw.githubusercontent.com/wildfly/wildfly-proposals/main/design-doc-template.adoc.
|
|
||
| === Hard Requirements | ||
|
|
||
| * Two new attributes, `connectionTimeout` and `readTimeout` will be |
There was a problem hiding this comment.
WildFly management API attributes should not be camel case, so these would be connection-timeout and read-timeout.
rsearls
force-pushed
the
EAP7-1856-Bearer-Token-Authorization-Timeout
branch
from
1260054
to
07162cb
Compare
| Bearer Token Authorization is the process of authorizing HTTP requests based on | ||
| the existence and validity of a bearer token. The token carries within it | ||
| an expiration timestamp. The two parameters being added, connection-timeout | ||
| and read-timeout are placed on the URL used in retrieving the public key. |
There was a problem hiding this comment.
"are placed on the URL" -> It would be good to reword this last sentence a bit to explain what the attributes will be used for, i.e., used when obtaining the public key from the OAuth2 provider.
|
|
||
| * https://issues.redhat.com/browse/EAP7-1856[EAP7-1856] | ||
| * https://issues.redhat.com/browse/ELY-2189[ELY-2189] | ||
| * https://issues.redhat.com/browse/EAPSUP-640[EAPSUP-640] |
There was a problem hiding this comment.
We can remove the reference to the EAPSUP I think, it should be linked from the EAP7 issue.
|
|
||
| == Backwards Compatibility | ||
|
|
||
| For backward compatibility the default value of 2000 milliseconds will be used. This is a hard coded value used in Elytron since 2021. |
There was a problem hiding this comment.
Just to check, is this default value used for both attributes?
|
|
||
| == Test Plan | ||
|
|
||
| * WildFly Tests: Integration test cases implemented for functionality. |
There was a problem hiding this comment.
Do we also have tests in the Elytron testsuite that make use of the read timeout and connection timeout?
|
@rsearls Thanks for updating the commit message! Please also update the title as well to reference the community issue. |
|
can you be more specific about what you want added to the title? |
Instead of [EAP7-1856], it should reference the community issue, [WFCORE-5691] (just like the commit message was updated). Just to clarify, I'm referring to the PR title that appears at the top (not the analysis doc title). You should see an Edit button at the top of the PR near "[EAP7-1856] proposal for bearer token timeout introspection #578". |
rsearls
force-pushed
the
EAP7-1856-Bearer-Token-Authorization-Timeout
branch
from
07162cb
to
0624111
Compare
rsearls
changed the title
| Bearer Token Authorization is the process of authorizing HTTP requests based on | ||
| the existence and validity of a bearer token. The token carries within it | ||
| an expiration timestamp. The two parameters being added, connection-timeout | ||
| and read-timeout are placed on the URL when obtaining the public key from the OAuth2 provider. |
There was a problem hiding this comment.
What public key?
What does placing these parameters on the URL do?
A user story would be good here.
https://issues.redhat.com/browse/WFCORE-5691
https://issues.redhat.com/browse/EAP7-1856