fix/jwtSync #71
fix/jwtSync #71
Conversation
fixes spotify#68 per example in related issue; time sync issue can occur when setting issued at to be the current time. This sets the issued at to be 1 minute earlier to avoid this. Tested locally for 2 days with no issues.
|
@henriquetruta thoughts? |
|
@neonal Thoughts? |
|
@henriquetruta thoughts? i see you merged a couple of other PRs that were opened after mine. Wondering when we can get this merged; This is a blocker for my team to use this project ;( |
|
any thoughts? |
|
@neonal?? Looks like you merged a PR a few hours ago. Wondering if you can take a look at this PR?? Or can we get some guidance on if you guys actually accept PR from external? |
|
@barbatron Can I get a quick look? |
|
@barbatron looks like you are looking at some other prs; could i get a look see? maybe a comment or 3? |
| @@ -74,7 +75,7 @@ public String getToken(final Integer appId) { | |||
| .setIssuer(String.valueOf(appId)) | |||
| .signWith(signingKey, SIGNATURE_ALGORITHM) | |||
| .setExpiration(new Date(System.currentTimeMillis() + TOKEN_TTL)) | |||
| .setIssuedAt(new Date()) | |||
| .setIssuedAt(new Date(System.currentTimeMillis() - TOKEN_ISSUED)) | |||
There was a problem hiding this comment.
Could we add a test for this?
If the current time is provided by a Supplier<long> then this could be more easily tested. Perhaps two constructors, one where this supplier is just () -> System.currentTimeMillis() and another ctor w @VisibleForTesting where tests can provide the supplier in order to get known values.
WDYT?
There was a problem hiding this comment.
(Don't feel strongly about it, apart from keeping them checks happy)
There was a problem hiding this comment.
not really sure what i am testing here?
that the setter accepted my new time? or that the time was in fact 60 seconds before now?
I can for sure look into it though if you think a test is for sure needed.
There was a problem hiding this comment.
I can for sure understand getting another constructor in here so that people that dont have drift or care about it can ignore it.
src/main/java/com/spotify/github/v3/clients/JwtTokenIssuer.java
Outdated
Show resolved
Hide resolved
added tests questionably; dont fully understand what else could be tested
|
@barbatron Sorry for the delay; Added the supplier. I defaulted the main supplier to be the same as it is today so that people that update dont see any change to their code; Added the "60000" to the tests; but not sure what we expect to be tested here; Effectively i am testing to see if a jwt is created when using the default and using a custom supplier; If you have any other ideas on what can be tested i am open to suggestion. Right now the output is just a string; sooooo |
|
@bguedel i also see this issue quite frequently in my app. using the 0.1.24 version. @barbatron can we urge this fix to merge? |
|
@shaendler good call; which is essentially used by a request such as which is used by the GithubClient --> to which you create in your app. so this solution wont actually work; though it gives some building blocks to work. Open to suggestion on how we can make it work. Dont love pushing this all the way up to the GithubClient factory methods. Otherwise we go back to hardcoding 60000 (60s)??? |
|
This is currently how we are using this (through those links) //Spring @Configuration file
/**
* Spotify github client.
*
* @return
*/
@Bean
public GitHubClient githubClient() throws IOException {
byte[] decodedBytes = Base64.getDecoder().decode(gitHubProperties.getApp().getPrivateKey());
FileUtils.writeByteArrayToFile(new File(PK_PATH), decodedBytes);
return GitHubClient.create(
URI.create("https://pathTo.github/api/v3"),
FileUtils.getFile(PK_PATH),
gitHubProperties.getApp().getAppId(),
gitHubProperties.getApp().getInstallationId());
} |
|
ill make a pr right quick to change the default behavior to -60s and then still allow someone to override this; i dont forsee this being an issue for current systems; this will solve the issue; but still give the chance to set this directly; if later someone wants to implement a way to use this feature deeper into the system. |
| private static final long TOKEN_TTL = 600_000; | ||
| private static final long TOKEN_ISSUED = 60_000; |
There was a problem hiding this comment.
Fun Fact: Java totally allows _ in numbers for readability;
|
built this locally again and put it in my app; getting the error again; this supplier doesnt seem to be working the way i had expected. |
|
so far this has worked locally; no more 401s |
|
@barbatron Thoughts? |
|
@barbatron Did you forget to submit your review again? |
|
@barbatron hope you are having a good december; Before you cut out for some awesome end of year bash, could i get a comment or 4, or maybe event an approval? dont know why my pr is not really getting built/codecov |
|
Happy New Year Spotify team! Could someone take a look at this and give some feedback or accept the pr? |
|
Hey Spotify team! Just a friendly reminder; Looking to get this into master. Could I get some comments? |
|
Hey there @bguedel , I'm no longer with Spotify so |
|
Just wondering if you had any input on this change? |
|
Wondering if we can get some eyes on this? |
|
Hi @bguedel. We apologise for taking so long to get eyes on this PR, we haven't been able to maintain this library to the standard we would have liked to but this will be changing in the new year. If you could please get this rebased and we'll be prioritising all open PRs ready for review. Thanks! Ellie |
|
Hello, As this PR is now stale and we've not had any new activity on it, we've decided to close it so we can keep track of active/more recent changes. We will leave the branch untouched in case you would like to reopen and rebase. Thanks! Ellie |
fixes #68
per example in related issue; time sync issue can occur when setting issued at to be the current time. This sets the issued at to be 1 minute earlier to avoid this.
Tested locally for 2 days with no issues.