Increase minimum token life required

MIN_TOKEN_LIFE_SECONDS is the number of seconds that the token provided must be valid for to be used when making authentication requests. 1 second has always been a dumb number and was not based on any existing value. Because a user token may be reused by a service to make requests on behalf of a user if the token is valid when sent it may not be valid for the life of the request. 2 minutes is also an arbitrary value, but it should allow plenty of time for service requests to complete before being rejected. Closes-Bug: #1441910 Change-Id: I395a0770e72d1ec7904e656ca382a5270f793a8b
2015-04-02 10:15:29 +11:00 · 2015-04-02 10:15:29 +11:00 · af6f1924eb
parent 746131c0ea
commit af6f1924eb
1 changed files with 3 additions and 2 deletions
--- a/keystoneclient/auth/identity/base.py
+++ b/keystoneclient/auth/identity/base.py
@ -34,8 +34,9 @@ def get_options():
@six.add_metaclass(abc.ABCMeta)
 class BaseIdentityPlugin(base.BaseAuthPlugin):

-    # we count a token as valid if it is valid for at least this many seconds
-    MIN_TOKEN_LIFE_SECONDS = 1
+    # we count a token as valid (not needing refreshing) if it is valid for at
+    # least this many seconds before the token expiry time
+    MIN_TOKEN_LIFE_SECONDS = 120

    def __init__(self,
                 auth_url=None,