Skip to content

fix: adjust IAM token expiration time #189

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 28, 2024
Merged

fix: adjust IAM token expiration time #189

merged 1 commit into from
Feb 28, 2024

Conversation

padamstx
Copy link
Member

This commit changes the IAM, Container and VPC Instance authenticators slightly so that an IAM access token will be viewed as "expired" when the current time is within 10 seconds of the official expiration time. IOW, we'll expire the access token 10 secs earlier than the IAM server-computed expiration time.
We're doing this to avoid a scenario where
an IBM Cloud service receives a request along
with an "almost expired" access token and then uses that token to perform downstream requests in a
somewhat longer-running transaction and then the
access token expires while that transaction is
still active.

@padamstx
fix: adjust IAM token expiration time
45695e9 
This commit changes the IAM, Container and VPC Instance
authenticators slightly so that an IAM access token
will be viewed as "expired" when the current time is
within 10 seconds of the official expiration time.
IOW, we'll expire the access token 10 secs earlier
than the IAM server-computed expiration time.
We're doing this to avoid a scenario where
an IBM Cloud service receives a request along
with an "almost expired" access token and then uses
that token to perform downstream requests in a
somewhat longer-running transaction and then the
access token expires while that transaction is
still active.

Signed-off-by: Phil Adams <[email protected]>
@padamstx padamstx self-assigned this Feb 26, 2024
@padamstx padamstx requested review from pyrooka and dpopp07 February 26, 2024 20:36
pyrooka
pyrooka approved these changes Feb 27, 2024
View reviewed changes
Copy link
Member

@pyrooka pyrooka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me!

dpopp07
dpopp07 approved these changes Feb 27, 2024
View reviewed changes
Copy link

@dpopp07 dpopp07 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! 👍

@padamstx padamstx merged commit f4f0b5a into main Feb 28, 2024
@padamstx padamstx deleted the issue-3862 branch February 28, 2024 16:42
ibm-devx-sdk pushed a commit that referenced this pull request Feb 28, 2024
@semantic-release-bot
chore(release): 3.19.2 release notes
6a03380 
## [3.19.2](v3.19.1...v3.19.2) (2024-02-28)

### Bug Fixes

* adjust IAM token expiration time ([#189](#189)) ([f4f0b5a](f4f0b5a))
@ibm-devx-sdk
Copy link

🎉 This PR is included in version 3.19.2 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dpopp07 dpopp07 dpopp07 approved these changes

@pyrooka pyrooka pyrooka approved these changes

Assignees

@padamstx padamstx

Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@padamstx @ibm-devx-sdk @dpopp07 @pyrooka