Improve authentication/registration session expiration #287

Open
phavekes opened this issue Nov 30, 2024 · 0 comments

This issue is imported from pivotal - Originally created at Sep 2, 2024 by Pieter van der Meulen

Currently during the authentication polling sequence of the web-client, the tiqr GSSP will test if the authentication session is not expired by calling getauthenticationurl(). If the authentication session is expired this will generate errors and the server will return a "timeout" status to the web client.

No expiry check is performed during the enrollment polling sequence; that should be added.

Ideally the UI in the web client should provide feedback to the user that the authentication / enrollment session has expired. For now the goal is that this situation is clearly visible in the logs and can be differentiated from things like missing cookies or sessions.

The tiqr GSSP must be able to handle the timeout situation itself. The expiration times are configured as constants in the Tiqr_Service class and are public. These expiration times can be evaluated in the GSSP itself. To do this, we need to start tracking the start of the authn/registration, and start rejecting the authentication/enrollment a few seconds (e.g. 5 seconds) before the actual expiration.
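
A sketch of the start-time tracking proposed in this issue, added here as an example and not code from the tiqr GSSP or the tiqr library. The class name `SessionExpiryGuard`, the state keys, the status strings and the 120-second lifetime are assumptions; in the GSSP the lifetime would come from the public `Tiqr_Service` expiration constant.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not part of the tiqr GSSP or Tiqr_Service.
final class SessionExpiryGuard
{
    public const STATUS_ACTIVE = 'active';
    public const STATUS_EXPIRED = 'expired';
    public const STATUS_NO_SESSION = 'no-session';

    public function __construct(
        private int $lifetimeSeconds,   // assumed to be read from the public Tiqr_Service constant
        private int $marginSeconds = 5  // reject this many seconds before the actual expiration
    ) {
    }

    /** Record when an authentication or enrollment started, in the server-side session state. */
    public function start(array &$state, string $flow, int $now): void
    {
        $state[$flow . '_started_at'] = $now;
    }

    /** Classify a polling request so logs can tell expiry apart from a missing session. */
    public function check(array $state, string $flow, int $now): string
    {
        $startedAt = $state[$flow . '_started_at'] ?? null;
        if (!is_int($startedAt)) {
            return self::STATUS_NO_SESSION; // no cookie or session, or the flow was never started
        }
        $elapsed = $now - $startedAt;
        // Fail closed on a start time in the future (clock change or corrupted state).
        if ($elapsed < 0 || $elapsed >= $this->lifetimeSeconds - $this->marginSeconds) {
            return self::STATUS_EXPIRED;
        }
        return self::STATUS_ACTIVE;
    }
}

// Constructed demo: the 120 s lifetime and the timestamps are placeholder values.
$guard = new SessionExpiryGuard(120);
$state = [];
$t0 = 1700000000;
error_log('enrollment poll before start status=' . $guard->check($state, 'enrollment', $t0));
$guard->start($state, 'enrollment', $t0);
foreach ([60, 115, 121] as $offset) {
    $status = $guard->check($state, 'enrollment', $t0 + $offset);
    error_log(sprintf('enrollment poll t+%ds status=%s', $offset, $status));
}
```

The same check can serve both the authentication and the enrollment polling sequence by passing a different `$flow` key and lifetime.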
