server: fix expiry detection for verification keys #829

Merged
merged 1 commit into from
Mar 1, 2017

ericchiang
Contributor

updates #828

@@ -132,7 +132,7 @@ func (k keyRotater) rotate() error {
i := 0

for _, key := range keys.VerificationKeys {
if !key.Expiry.After(tNow) {
if key.Expiry.After(tNow) {
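
Review bot: The condition on the `if key.Expiry.After(tNow)` line was inverted before this change, and nothing visible in the hunk would catch it flipping back. Add a regression test for rotate() that stores one verification key with an Expiry before tNow and one with an Expiry after it, and asserts that only the second is still in keys.VerificationKeys afterwards. Because After is a strict comparison, a key whose Expiry equals tNow is treated as expired; the test should pin that boundary too.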

Contributor

// key is still valid, include it in the VerificationKeys

Contributor

@rithujohn191 rithujohn191 left a comment

Thanks for the fix. LGTM!

@ericchiang
Contributor Author

@rithujohn191 can you take a look at the PR again? I've added a few more comments to the rotation code.

for _, key := range keys.VerificationKeys {
if !key.Expiry.After(tNow) {
if !expired(key) {
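
Review bot: `expired(key)` on the changed `if` line takes no time argument, while the line it replaces compared against `tNow`. Confirm the helper uses that same `tNow` snapshot rather than reading the clock again, so that every key in one rotate() pass is judged against a single instant and a test can control it. If it is a standalone function, passing the time explicitly, for example `expired(key, tNow)`, keeps that dependency visible at the call site.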

Contributor Author

Only functional change. Everything else is comments and renaming.

Contributor

@rithujohn191 rithujohn191 left a comment

Thanks for the comments. Just one suggestion.

// After demoting the signing key, keep the token around for at least
// the amount of time an ID Token is valid for. This ensures the
// verification key won't expire until all ID Tokens is could have
// signed have expired as well.
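
Review bot: The first sentence of this comment says "keep the token around", which reads as if an ID Token were being retained, but what is kept after demotion is the key, as the second sentence ("the verification key won't expire") shows. Suggest "keep the key around for at least the amount of time an ID Token is valid for" so the comment names the same object in both sentences.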

Contributor

"This ensures the verification key won't expire until all ID Tokens it has signed have expired as well"?

Contributor Author

thanks, updated.

3 participants