cloudentity / oauth2c

User-friendly OAuth2 CLI
https://cloudentity.github.io/oauth2c/
Apache License 2.0
741 stars, 29 forks

Add browser timeout #78

Closed mbilski closed 1 year ago

mbilski commented 1 year ago

74 Added the --browser-timeout 5m flag. Renamed the current timeout (default 1m) to --http-timeout.

oauth2c on  feature/callback-timeout [$!?] via 🐹 v1.21.0
❯ go run . https://oauth2c.us.authz.cloudentity.io/oauth2c/demo \
  --client-id cauktionbud6q8ftlqq0 \
  --client-secret HCwQ5uuUWBRHd04ivjX5Kl0Rz8zxMOekeLtqzki0GPc \
  --response-types code \
  --response-mode query --callback-timeout 10s \
  --grant-type authorization_code \
  --auth-method client_secret_basic \
  --scopes openid,email,offline_access
┌───────────────────────────────────────────────────────────────────────┐
| Issuer URL     | https://oauth2c.us.authz.cloudentity.io/oauth2c/demo |
| Grant type     | authorization_code                                   |
| Auth method    | client_secret_basic                                  |
| Scopes         | openid, email, offline_access                        |
| Response types | code                                                 |
| Response mode  | query                                                |
| PKCE           | false                                                |
| Client ID      | cauktionbud6q8ftlqq0                                 |
| Client secret  | HCwQ5uuUWBRHd04ivjX5Kl0Rz8zxMOekeLtqzki0GPc          |
└───────────────────────────────────────────────────────────────────────┘

Authorization Code Flow

# Request authorization

GET https://oauth2c.us.authz.cloudentity.io/oauth2c/demo/oauth2/authorize
Query params:
  scope: openid email offline_access
  state: nDLeQzJphepWpxVbZympud
  client_id: cauktionbud6q8ftlqq0
  nonce: L4EkCd6M2RRBNzb3fc7tPu
  redirect_uri: http://localhost:9876/callback
  response_mode: query
  response_type: code

Open the following URL:

https://oauth2c.us.authz.cloudentity.io/oauth2c/demo/oauth2/authorize?client_id=cauktionbud6q8ftlqq0&nonce=L4EkCd6M2RRBNzb3fc7tPu&redirect_uri=http%3A%2F%2Flocalhost%3A9876%2Fcallback&response_mode=query&response_type=code&scope=openid+email+offline_access&state=nDLeQzJphepWpxVbZympud

  ERROR   timeout
exit status 1
schlomo commented 1 year ago

Are there any other scenarios where oauth2c might wait forever? If yes, then please also add timeouts for them.

Maybe having a common --timeout parameter to set all timeouts would be nice; in many cases I wouldn't care where exactly the timeout happens, and I'd need it more as a way to say "if I don't get a token within 1 minute, then abort with an error, no matter why that happened".

mbilski commented 1 year ago

@schlomo Everywhere else we already have the HTTP client timeout (by default 60s). I think it makes sense to have two distinct timeout configurations. The HTTP requests are fast, while it might take time for a user to log in via a browser, especially if 2FA is used, etc. I will rename those to --browser-timeout and --http-timeout to clarify.
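The two timeouts discussed in this thread, as an added Go example that is not oauth2c's own code: waitForCallback bounds the whole browser round trip (the --browser-timeout case), rejecting a callback whose state does not match so that a stray or injected request on the callback port can neither end the wait nor substitute its own code, and returning early when the authorization server redirects back with an error such as access_denied instead of waiting out the timeout; exchangeCode bounds the single token request with http.Client.Timeout (the --http-timeout case). The function names, the ErrBrowserTimeout and ErrAuthorization values, and the 10-second ReadHeaderTimeout are assumptions; only the redirect URI http://localhost:9876/callback is taken from the PR output.

```go
package main

import (
	"context"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"strings"
	"time"
)

var (
	ErrBrowserTimeout = errors.New("browser timeout: no callback received")
	ErrAuthorization  = errors.New("authorization server returned an error")
)

type callbackResult struct {
	code string
	err  error
}

// newState returns a random URL-safe value that binds the callback to this run.
func newState() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// waitForCallback serves GET /callback on ln and returns the code from the first
// request carrying expectedState. browserTimeout bounds the whole wait (login,
// MFA, consent); a wrong-state request gets 400 and does not end the wait.
func waitForCallback(ln net.Listener, expectedState string, browserTimeout time.Duration) (string, error) {
	ctx, cancel := context.WithTimeout(context.Background(), browserTimeout)
	defer cancel()
	results := make(chan callbackResult, 1)
	mux := http.NewServeMux()
	mux.HandleFunc("/callback", func(w http.ResponseWriter, r *http.Request) {
		q := r.URL.Query()
		var res callbackResult
		switch {
		case q.Get("state") != expectedState || (q.Get("error") == "" && q.Get("code") == ""):
			http.Error(w, "state mismatch or missing code", http.StatusBadRequest)
			return // stray or injected request: keep waiting for the real redirect
		case q.Get("error") != "": // e.g. access_denied: fail now, do not wait out the timeout
			res.err = fmt.Errorf("%w: %s", ErrAuthorization, q.Get("error"))
			http.Error(w, q.Get("error"), http.StatusBadRequest)
		default:
			res.code = q.Get("code")
			fmt.Fprintln(w, "Authorization received; you can close this tab.")
		}
		select {
		case results <- res:
		default: // a result is already queued; drop duplicates so the handler never blocks
		}
	})
	// ReadHeaderTimeout (assumed 10s) guards the socket against a stuck client; it is unrelated to how long the human takes.
	srv := &http.Server{Handler: mux, ReadHeaderTimeout: 10 * time.Second}
	go srv.Serve(ln)
	defer srv.Shutdown(context.Background()) // closes ln and lets the in-flight response finish
	select {
	case res := <-results:
		return res.code, res.err
	case <-ctx.Done():
		return "", ErrBrowserTimeout
	}
}

// exchangeCode posts the code to the token endpoint with client_secret_basic.
// httpTimeout bounds this one machine-to-machine round trip (the --http-timeout
// case), so it can be far shorter than browserTimeout.
func exchangeCode(tokenURL, clientID, clientSecret, code, redirectURI string, httpTimeout time.Duration) (map[string]any, error) {
	form := url.Values{"grant_type": {"authorization_code"}, "code": {code}, "redirect_uri": {redirectURI}}
	req, err := http.NewRequest(http.MethodPost, tokenURL, strings.NewReader(form.Encode()))
	if err != nil {
		return nil, err
	}
	req.SetBasicAuth(url.QueryEscape(clientID), url.QueryEscape(clientSecret)) // RFC 6749 section 2.3.1
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	resp, err := (&http.Client{Timeout: httpTimeout}).Do(req)
	if err != nil {
		return nil, err // a stalled server surfaces here as "Client.Timeout exceeded"
	}
	defer resp.Body.Close()
	var token map[string]any
	if err := json.NewDecoder(resp.Body).Decode(&token); err != nil {
		return nil, err
	}
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("%w: %v", ErrAuthorization, token["error"])
	}
	return token, nil
}
```

Wiring this into a CLI: listen with `net.Listen("tcp", "127.0.0.1:9876")`, print the authorization URL carrying the same state, call `waitForCallback(ln, state, 5*time.Minute)` and then `exchangeCode(tokenURL, id, secret, code, "http://localhost:9876/callback", time.Minute)`. If the user never completes the login, the first call returns ErrBrowserTimeout after five minutes regardless of the HTTP timeout; if the token endpoint stalls, the second call fails after one minute regardless of the browser timeout.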