jimdigriz / freeradius-oauth2-perl

FreeRADIUS OAuth2 (OpenID Connect) using rlm_perl
GNU Affero General Public License v3.0

about syncing #30

Closed mimooh closed 1 year ago

mimooh commented 1 year ago

Hi, just curious: is the 30 seconds azure syncing all about checking out which azure users are still available? In case we find out early that user's account is expired then we don't bother with azure login (because we know it will fail) and this is why we are syncing?

jimdigriz commented 1 year ago

Please see https://github.com/jimdigriz/freeradius-oauth2-perl/issues/9

We have to use polling to catch updates to things like account expiry, password changes and group memberships. This is what the polling cycle is for.

The best approach is to use webhooks, but a 'Plan B' could be to instead use the Azure Graph API HTTP long-poll support (if that is supported).

Is this just otherwise a question?

mimooh commented 1 year ago

So it would be costly to pass all unnecessary login/pass queries to azure, as I get it. I don't have an opinion on that, just trying to understand the reasoning. I don't have any further questions or ideas for disabling syncing, no. Thanks for this module, we are implementing it in our university and hopefully we will soon use it in production.

jimdigriz commented 1 year ago

Correct, it is slow sending the authentication to Azure, so if you have already seen a successful authentication there is a lot of value in caching (salted hashed) credentials locally. We just need to know when to expire the local caching entries which is why we poll Azure.

I'll close the ticket if you have no more questions, but do re-open another issue if you have anything else you want to ask about.