Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

fix: stop extending API key access if OIDC refresh is available#17878

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
spikecurtis merged 4 commits intomainfromspike/17070-apikey-oidc
May 19, 2025

Conversation

spikecurtis
Copy link
Contributor

@spikecurtisspikecurtis commentedMay 16, 2025
edited
Loading

fixes#17070

Cleans up our handling of APIKey expiration and OIDC to keep them separate concepts. For an OIDC-login APIKey, both the APIKey and OIDC link must be valid to login. If the OIDC link is expired and we have a refresh token, we will attempt to refresh.

OIDC refreshes do not have any effect on APIKey expiry.

#17070 (comment) explains why this is the correct behavior.

@spikecurtisGraphite App
Copy link
ContributorAuthor

This stack of pull requests is managed byGraphite. Learn more aboutstacking.

@spikecurtisspikecurtisforce-pushed thespike/17070-apikey-oidc branch from473d5a4 toc430f42CompareMay 16, 2025 11:21
@spikecurtisspikecurtis marked this pull request as ready for reviewMay 16, 2025 11:25
// Checking if the key is expired.
// NOTE: The `RequireAuth` React component depends on this `Detail` to detect when
// the users token has expired. If you change the text here, make sure to update it
// in site/src/components/RequireAuth/RequireAuth.tsx as well.
Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Note thatRequireAuth.tsx was modified to not have this string match dependency in#9442

@spikecurtisGraphite App
Copy link
ContributorAuthor

Also includes some extra logging inoidctest which I figured would be useful to leave in.

Copy link
Member

@mafredrimafredri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Two small suggestions but the change makes sense to me. I can approve if need be but I'd feel better if@Emyrk also took a look, so deferring approval for now.

Copy link
Member

@EmyrkEmyrk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

This all makes sense to me 👍

@spikecurtisspikecurtisforce-pushed thespike/17070-apikey-oidc branch fromc430f42 toe6f157cCompareMay 19, 2025 07:00
@spikecurtisspikecurtisforce-pushed thespike/17070-apikey-oidc branch from05131e2 to45df24dCompareMay 19, 2025 07:51
@spikecurtisspikecurtis merged commit1a41608 intomainMay 19, 2025
35 checks passed
@spikecurtisGraphite App
Copy link
ContributorAuthor

Merge activity

@spikecurtisspikecurtis deleted the spike/17070-apikey-oidc branchMay 19, 2025 08:05
@github-actionsgithub-actionsbot locked and limited conversation to collaboratorsMay 19, 2025
@spikecurtis
Copy link
ContributorAuthor

/cherry-pick release/2.22

@spikecurtis
Copy link
ContributorAuthor

/cherry-pick release/2.21

@spikecurtis
Copy link
ContributorAuthor

/cherry-pick release/2.20

Sign up for freeto subscribe to this conversation on GitHub. Already have an account?Sign in.
Reviewers

@mafredrimafredrimafredri left review comments

@EmyrkEmyrkEmyrk approved these changes

Assignees

@spikecurtisspikecurtis

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

bug: api key not refreshed when api key expired but oauth2 access token not
3 participants
@spikecurtis@mafredri@Emyrk
[8]ページ先頭
©2009-2025 Movatter.jp