
#56 Open

JWT token expiration leeway + minor error logging adjustments

The commits that make up this pull request have been removed.

Bitbucket cannot automatically merge this request due to conflicts.

  1. Roberto Dominguez


Just created this PR, FYI, in case you want to incorporate the changes I've made in our fork:

  • The ability to set a leeway for the JWT token expiration. It can be set on a per authentication middleware instance basis, i.e. you can set it only on a given path.
  • Minor adjustments on the logging on error (i.e. the issuer/clientId, when known, is not set as part of the error message, but as a separate parameter)

Comments (1)

  1. Seb Ruiz

    Roberto Dominguez, Thanks for the PR. In general, looks good. A few points:

    • Please follow code style - spaces etc... (will help get your PR into the project)
    • leeway is an undescriptive variable name. Probably worth renaming to jwtExpiryLeewayMs (or similar)
    • Should be documented somewhere?
    • Should be tested

    As for accepting the PR - I'll need to speak about it with the team and we'll review to see if we believe it is good practice to bake in security workarounds/relaxations into an official client for AC.

    If we choose not to, I would suggest that we re-architect this change to allow overriding the retrieval of the JWT token or token expiry which would allow you to have custom handlers without worrying about a fork of the lib.
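
The two behaviours discussed in this thread (a per-instance expiry leeway, and the issuer logged as a separate parameter) are sketched below as an added example; it is not code from the PR or from atlassian-connect-express. The option name `jwtExpiryLeewayMs` follows the review suggestion, while the 60-second cap, `req.verifiedClaims` and all function names are assumptions made for illustration.

```javascript
// Added example; every name here is hypothetical, not atlassian-connect-express API.
const MAX_LEEWAY_MS = 60 * 1000; // assumed cap so leeway cannot switch expiry off

// One checker per middleware instance, so leeway applies only where configured.
function createExpiryCheck(options = {}) {
  const leewayMs = options.jwtExpiryLeewayMs ?? 0; // strict by default
  if (!Number.isInteger(leewayMs) || leewayMs < 0 || leewayMs > MAX_LEEWAY_MS) {
    throw new RangeError('jwtExpiryLeewayMs must be an integer in 0..' + MAX_LEEWAY_MS);
  }
  // claims: payload of a JWT whose signature has already been verified.
  return function checkExpiry(claims, nowMs = Date.now()) {
    const issuer = typeof claims.iss === 'string' ? claims.iss : undefined;
    if (!Number.isFinite(claims.exp)) {
      return { ok: false, message: 'JWT has no numeric exp claim', issuer };
    }
    const expMs = claims.exp * 1000; // exp is in seconds since the epoch
    if (nowMs >= expMs + leewayMs) {
      // The issuer travels as its own field, not inside the message text.
      return { ok: false, message: 'JWT expired', issuer, expiredByMs: nowMs - expMs };
    }
    return { ok: true, issuer, usedLeeway: nowMs >= expMs };
  };
}

// Express-style middleware; req.verifiedClaims is an assumed property set by
// an earlier signature-verification step.
function authenticate(options, log = console.warn) {
  const checkExpiry = createExpiryCheck(options);
  return function (req, res, next) {
    const result = checkExpiry(req.verifiedClaims || {});
    if (!result.ok) {
      log(result.message, { issuer: result.issuer });
      res.statusCode = 401;
      return res.end();
    }
    return next();
  };
}

// Constructed claims: the token expired at t = 1000 s; "now" is 2 s later.
const claims = { iss: 'constructed-client-key', exp: 1000 };
const strict = createExpiryCheck();
const lenient = createExpiryCheck({ jwtExpiryLeewayMs: 5000 });
console.log(strict(claims, 1002000));
console.log(lenient(claims, 1002000));
```

Recording `usedLeeway` on accepted requests lets an operator count how often the relaxation is actually exercised on a given path.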