Closed webzwo0i closed 2 weeks ago
Is it possible to add expiration date that is greater than 3600s?
No not really. But we could add settings for overriding the value. It is in the security package.
@webzwo0i Should we add the configurable part of this in this pr or should I create a new one for that?
@webzwo0i I was trying to follow your provided code but I am getting error like:
curl --request POST --url 'http://localhost:9001/oidc/token' --header 'content-type: application/x-www-form-urlencoded' --data grant_type=client_credentials --data client_id=client_credentials --data client_secret=client_credentials
{"error":"invalid_client_metadata","error_description":"grant_types can only contain 'implicit' or 'authorization_code'"}
In my settings.json
I have added:
"sso": {
"issuer": "${SSO_ISSUER:http://localhost:9001}",
"clients": [
{
"client_id": "client_credentials",
"redirect_uris": [],
"response_types": [],
"grant_types": ["client_credentials"],
"client_secret": "client_credentials",
"extraParams": [
{
"name": "admin",
"value": "true"
}
]
}
]
}
Any suggestion in where I'm doing mistake?
@webzwo0i I was trying to follow your provided code but I am getting error like:
curl --request POST --url 'http://localhost:9001/oidc/token' --header 'content-type: application/x-www-form-urlencoded' --data grant_type=client_credentials --data client_id=client_credentials --data client_secret=client_credentials
{"error":"invalid_client_metadata","error_description":"grant_types can only contain 'implicit' or 'authorization_code'"}
In my
settings.json
I have added:"sso": { "issuer": "${SSO_ISSUER:http://localhost:9001}", "clients": [ { "client_id": "client_credentials", "redirect_uris": [], "response_types": [], "grant_types": ["client_credentials"], "client_secret": "client_credentials", "extraParams": [ { "name": "admin", "value": "true" } ] } ] }
Any suggestion in where I'm doing mistake?
Can you remove the "grant_types": ["client_credentials"] and replace it with "grant_types": ["code"]?
@SamTV12345 , thanks for reply but I'm getting same error e.g
{"error":"invalid_client_metadata","error_description":"grant_types can only contain 'implicit' or 'authorization_code'"}
by
"sso": {
"issuer": "${SSO_ISSUER:http://localhost:9001}",
"clients": [
{
"client_id": "client_credentials",
"client_secret": "client_credentials",
"grant_types": ["code"],
"redirect_uris": [],
"response_types": [],
"extraParams": [
{
"name": "admin",
"value": "true"
}
]
}
]
}
@SamTV12345 , I just tried from docker etherpad/etherpad:develop
with this settings:
"sso": {
"issuer": "${SSO_ISSUER:http://localhost:9001}",
"clients": [
{
"client_id": "client_credentials",
"client_secret": "client_credentials",
"grant_types": ["client_credentials"],
"redirect_uris": [],
"response_types": [],
"extraParams": [
{
"name": "admin",
"value": "true"
}
]
}
]
}
by calling:
curl --request POST --url 'http://localhost:9001/oidc/token' --header 'content-type: application/x-www-form-urlencoded' --data grant_type=client_credentials --data client_id=client_credentials --data client_secret=client_credentials
This time it was success:
{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6ImF0K2p3dCIsImtpZCI6IjRmV1o3RklESlNaRExkU2xwa2FQODRRMXJGVUo1TXZpdjdiZlZ3YV9pckEifQ.eyJhZG1pbiI6InRydWUiLCJqdGkiOiJJcDE0cVlyeTAwaUs2WDJhTmFIVVUiLCJzdWIiOiJjbGllbnRfY3JlZGVudGlhbHMiLCJpYXQiOjE3MTM2MDYyMzIsImV4cCI6MTcxMzYwOTgzMiwiY2xpZW50X2lkIjoiY2xpZW50X2NyZWRlbnRpYWxzIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo5MDAxIiwiYXVkIjoiYWNjb3VudCJ9.kkagJgEasm-w8jRC3FKAfC1CpU8p9Q5I3zD8LZY7lHfxOMD-NRlmN1kpXnhjmM_CK8kvy1aB-XDtgPJ1HSYlLx0TtwvItoRYix_zmMPjObftjPDSl4q-rHM3-UkKdqCozV8Wm1dzk3dg7Re6Jaa_jjlSKPd4WzmKsAwmWh6R_zqQ4rtYEzNlUaWI6g-_c_SNXlhxuWbjBK_NTQm07HhtPPQPMPaQO-CpRLJk_fS9Kg-25yuUki_KaiKG19xKVfApsnURLC_BDTuR1G4jEOuZRTs61n5xFVuiUaEpayPhGrOMQnU7rx1y7foMTD3_s1hIBufuEf-ehn1DUcaeA7W4PQ","expires_in":3600,"token_type":"Bearer"}
@SamTV12345 , I just tried from docker
etherpad/etherpad:develop
with this settings:"sso": { "issuer": "${SSO_ISSUER:http://localhost:9001}", "clients": [ { "client_id": "client_credentials", "client_secret": "client_credentials", "grant_types": ["client_credentials"], "redirect_uris": [], "response_types": [], "extraParams": [ { "name": "admin", "value": "true" } ] } ] }
by calling:
curl --request POST --url 'http://localhost:9001/oidc/token' --header 'content-type: application/x-www-form-urlencoded' --data grant_type=code --client_credentials client_id=client_credentials --data client_secret=client_credentials
This time it was success:
{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6ImF0K2p3dCIsImtpZCI6IjRmV1o3RklESlNaRExkU2xwa2FQODRRMXJGVUo1TXZpdjdiZlZ3YV9pckEifQ.eyJhZG1pbiI6InRydWUiLCJqdGkiOiJJcDE0cVlyeTAwaUs2WDJhTmFIVVUiLCJzdWIiOiJjbGllbnRfY3JlZGVudGlhbHMiLCJpYXQiOjE3MTM2MDYyMzIsImV4cCI6MTcxMzYwOTgzMiwiY2xpZW50X2lkIjoiY2xpZW50X2NyZWRlbnRpYWxzIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo5MDAxIiwiYXVkIjoiYWNjb3VudCJ9.kkagJgEasm-w8jRC3FKAfC1CpU8p9Q5I3zD8LZY7lHfxOMD-NRlmN1kpXnhjmM_CK8kvy1aB-XDtgPJ1HSYlLx0TtwvItoRYix_zmMPjObftjPDSl4q-rHM3-UkKdqCozV8Wm1dzk3dg7Re6Jaa_jjlSKPd4WzmKsAwmWh6R_zqQ4rtYEzNlUaWI6g-_c_SNXlhxuWbjBK_NTQm07HhtPPQPMPaQO-CpRLJk_fS9Kg-25yuUki_KaiKG19xKVfApsnURLC_BDTuR1G4jEOuZRTs61n5xFVuiUaEpayPhGrOMQnU7rx1y7foMTD3_s1hIBufuEf-ehn1DUcaeA7W4PQ","expires_in":3600,"token_type":"Bearer"}
Awesome so it is working great :).
@SamTV12345 I have seen your new commit: https://github.com/ether/etherpad-lite/commit/d64924e9f56bbb69be32f57e66272eb6b886b3fe in where you are suggesting to use code
instated of client_credentials
which is not working. So far client_credentials
seems correct.
@SamTV12345 I have seen your new commit: d64924e in where you are suggesting to use
code
instated ofclient_credentials
which is not working. So farclient_credentials
seems correct.
Is it really working?
@SamTV12345 yes, from my side client_credentials
is working: https://github.com/ether/etherpad-lite/pull/6328#issuecomment-2067620881
@webzwo0i What do you think? Do we need anything else?
Is it possible to add expiration date that is greater than 3600s?