Re: Bodhi 6.0: What's new

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> * What is the expiration period? Or, can we set the expiration date ourselves?

What expiration do you mean? The buildroot override setting that save_override() gives access to is really unrelated to authentication and you probably don't need it if you didn't need it before.
If you mean when OpenID auth will be removed from the server, I'm not sure. I guess we can give something like 6 months for people to upgrade to OIDC, but if there are blockers with this upgrade I'd be happy to help make the transition.

> * Can we use multiple tokens in parallel to ease the transition before the expiration? Or, in other words, is the token revoked once we generate a new one? If not, can we revoke it?

Yes, you can have multiple tokens. To remove a token, I don't have a clear procedure, I'd need to have a look at Ipsilon's docs/code to see how it should be done.
Basically when you login you get two tokens, one "access token" and one "refresh token". The access token is short lived (like an hour I think) and is what the bodhi client will transmit to the bodhi server. When it expires, the bodhi client will send the "refresh token" to ipsilon to get a new access token. The refresh token is long-lived (months I think), but will only be communicated to ipsilon, not to Bodhi or any other apps.
When the refresh token expires, the bodhi client will ask the user to re-authenticate. There is currently no process to automate that as far as I can tell, so you may need to update the JSON file a couple times a year (I'm not sure how long those tokens live in prod, I need to check). It's somewhat like renewing a certificate.

Cheers!

Aurélien
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux