You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@syncope.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2018/12/21 11:03:00 UTC
[jira] [Commented] (SYNCOPE-1420) Expired Access Tokens might
impede successful authentication
[ https://issues.apache.org/jira/browse/SYNCOPE-1420?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16726657#comment-16726657 ]
ASF subversion and git services commented on SYNCOPE-1420:
----------------------------------------------------------
Commit 79964a9d6bc62c4baced7864db417729a54cd989 in syncope's branch refs/heads/2_1_X from Francesco Chicchiriccò
[ https://gitbox.apache.org/repos/asf?p=syncope.git;h=79964a9 ]
[SYNCOPE-1420] Replacing expired access tokens upon login
> Expired Access Tokens might impede successful authentication
> ------------------------------------------------------------
>
> Key: SYNCOPE-1420
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1420
> Project: Syncope
> Issue Type: Bug
> Components: core
> Affects Versions: 2.0.11, 2.1.2
> Reporter: Francesco Chicchiriccò
> Assignee: Francesco Chicchiriccò
> Priority: Major
> Labels: jwt
> Fix For: 2.0.12, 2.1.3, 3.0.0
>
>
> The {{ExpiredAccessTokenCleanup}} task is set to run every 5 minutes by default: this timing can be reduced to 2 minutes, but not less - as any other job driven by Quartz.
> It could happen, then, that for a period of at least 2 minutes (5 by default), all authentication attempts will fail by any user which owns an expired, yet still not removed, Access Token.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)