Make expiry of auth requests configurable

2018-12-13 11:40:58 +01:00
parent aafbaa36c5
commit 468c74d1d2
5 changed files with 22 additions and 6 deletions
--- a/cmd/dex/config.go
+++ b/cmd/dex/config.go
@@ -233,6 +233,9 @@ type Expiry struct {

 	// IdTokens defines the duration of time for which the IdTokens will be valid.
 	IDTokens string `json:"idTokens"`
+
+	// AuthRequests defines the duration of time for which the AuthRequests will be valid.
+	AuthRequests string `json:"authRequests"`
 }

 // Logger holds configuration required to customize logging for dex.
--- a/cmd/dex/config_test.go
+++ b/cmd/dex/config_test.go
@@ -64,6 +64,7 @@ staticPasswords:
 expiry:
  signingKeys: "6h"
  idTokens: "24h"
+  authRequests: "24h"

 logger:
  level: "debug"
@@ -131,8 +132,9 @@ logger:
 			},
 		},
 		Expiry: Expiry{
-			SigningKeys: "6h",
-			IDTokens:    "24h",
+			SigningKeys:  "6h",
+			IDTokens:     "24h",
+			AuthRequests: "24h",
 		},
 		Logger: Logger{
 			Level:  "debug",
--- a/cmd/dex/serve.go
+++ b/cmd/dex/serve.go
@@ -242,6 +242,14 @@ func serve(cmd *cobra.Command, args []string) error {
 		logger.Infof("config id tokens valid for: %v", idTokens)
 		serverConfig.IDTokensValidFor = idTokens
 	}
+	if c.Expiry.AuthRequests != "" {
+		authRequests, err := time.ParseDuration(c.Expiry.AuthRequests)
+		if err != nil {
+			return fmt.Errorf("invalid config value %q for auth request expiry: %v", c.Expiry.AuthRequests, err)
+		}
+		logger.Infof("config auth requests valid for: %v", authRequests)
+		serverConfig.AuthRequestsValidFor = authRequests
+	}

 	serv, err := server.NewServer(context.Background(), serverConfig)
 	if err != nil {