-
Notifications
You must be signed in to change notification settings - Fork 193
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: ID Token Caching for GCECredentials #510
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We don't need to check validity of cached ID tokens as the cache config has a lifetime of 1500 seconds whereas id tokens have lifetime of 3600 seconds.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry about the delay on my side, I didn't get the chance to fully test my proposed changes due to the Holidays. Just as I was about to open a PR, I see you've applied the same changes. FWIW, looks good to me 🙂
I installed this version using composer require google/auth:dev-fix-token-caching-issue-503
to check it out where I first discovered the issue and that seems to no longer be causing an issue.
* Implement logic * Test logic
8f1dbd3
to
6765476
Compare
Don't forget that the cache config is a user supplied value and can be changed. |
Yes this seems concerning. We should either have a id token validity check or an ability to clear the cache. Other creds id token caching also suffers from same problem as we have been expecting that id tokens have null lifetime in our library. @bshaffer I have a couple of ideas on how to solve them. Shall we take that up on another PR? (Since it's scope would be more that just fixing GCECreds) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks great! Just two minor suggestions
c22fc3a
to
57ce568
Compare
Fixes #503