opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-09-18 23:16:05 +08:00
Code Issues Packages Projects Releases Wiki Activity

OAuth: Increase state cookie max age (#27258)

Browse Source 
60s can be too short if the oauth provider is slow
for some reason and its defintly too slow if the
OAuth provider requires 2FA.

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
This commit is contained in:
Carl Bergquist
2020-09-01 10:57:43 +02:00
committed by GitHub
parent 8ec2aa02c6
commit 8faaa1a520
4 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
conf/defaults.ini
View File

@ -301,8 +301,8 @@ signout_redirect_url =
# This setting is ignored if multiple OAuth providers are configured. # This setting is ignored if multiple OAuth providers are configured.
oauth_auto_login = false oauth_auto_login = false
# OAuth state max age cookie duration. Defaults to 60 seconds. # OAuth state max age cookie duration in seconds. Defaults to 600 seconds.
oauth_state_cookie_max_age = 60 oauth_state_cookie_max_age = 600
# limit of api_key seconds to live before expiration # limit of api_key seconds to live before expiration
api_key_max_seconds_to_live = -1 api_key_max_seconds_to_live = -1

4
conf/sample.ini
View File

@ -300,8 +300,8 @@
# This setting is ignored if multiple OAuth providers are configured. # This setting is ignored if multiple OAuth providers are configured.
;oauth_auto_login = false ;oauth_auto_login = false
# OAuth state max age cookie duration. Defaults to 60 seconds. # OAuth state max age cookie duration in seconds. Defaults to 600 seconds.
;oauth_state_cookie_max_age = 60 ;oauth_state_cookie_max_age = 600
# limit of api_key seconds to live before expiration # limit of api_key seconds to live before expiration
;api_key_max_seconds_to_live = -1 ;api_key_max_seconds_to_live = -1

2
docs/sources/administration/configuration.md
View File

@ -646,7 +646,7 @@ This setting is ignored if multiple OAuth providers are configured. Default is `
### oauth_state_cookie_max_age ### oauth_state_cookie_max_age
How long the OAuth state cookie lives before being deleted. Default is `60` (seconds) How many seconds the OAuth state cookie lives before being deleted. Default is `600` (seconds)
Administrators can increase this if they experience OAuth login state mismatch errors. Administrators can increase this if they experience OAuth login state mismatch errors.
### api_key_max_seconds_to_live ### api_key_max_seconds_to_live

2
pkg/setting/setting.go
View File

@ -1009,7 +1009,7 @@ func readAuthSettings(iniFile *ini.File, cfg *Cfg) error {
DisableLoginForm = auth.Key("disable_login_form").MustBool(false) DisableLoginForm = auth.Key("disable_login_form").MustBool(false)
DisableSignoutMenu = auth.Key("disable_signout_menu").MustBool(false) DisableSignoutMenu = auth.Key("disable_signout_menu").MustBool(false)
OAuthAutoLogin = auth.Key("oauth_auto_login").MustBool(false) OAuthAutoLogin = auth.Key("oauth_auto_login").MustBool(false)
cfg.OAuthCookieMaxAge = auth.Key("oauth_state_cookie_max_age").MustInt(60) cfg.OAuthCookieMaxAge = auth.Key("oauth_state_cookie_max_age").MustInt(600)
SignoutRedirectUrl, err = valueAsString(auth, "signout_redirect_url", "") SignoutRedirectUrl, err = valueAsString(auth, "signout_redirect_url", "")
if err != nil { if err != nil {
return err return err