Use max refresh token expiration time in production
Keep the value low for dev so that I can test that we recover well.
This commit is contained in:
parent
942fc42d5f
commit
ae4be91d52
3 changed files with 28 additions and 6 deletions
16
arcgis.go
16
arcgis.go
|
|
@ -56,7 +56,7 @@ type OAuthTokenResponse struct {
|
|||
}
|
||||
|
||||
// Build the ArcGIS authorization URL with PKCE
|
||||
func buildArcGISAuthURL(clientID string, expiration int) string {
|
||||
func buildArcGISAuthURL(clientID string) string {
|
||||
baseURL := "https://www.arcgis.com/sharing/rest/oauth2/authorize/"
|
||||
|
||||
params := url.Values{}
|
||||
|
|
@ -65,6 +65,16 @@ func buildArcGISAuthURL(clientID string, expiration int) string {
|
|||
params.Add("response_type", "code")
|
||||
//params.Add("code_challenge", generateCodeChallenge(codeVerifier))
|
||||
//params.Add("code_challenge_method", "S256")
|
||||
|
||||
// See https://developers.arcgis.com/rest/users-groups-and-items/token/
|
||||
// expiration is defined in minutes
|
||||
var expiration int
|
||||
if IsProductionEnvironment() {
|
||||
// 2 weeks is the maximum allowed
|
||||
expiration = 20160
|
||||
} else {
|
||||
expiration = 20
|
||||
}
|
||||
params.Add("expiration", strconv.Itoa(expiration))
|
||||
|
||||
return baseURL + "?" + params.Encode()
|
||||
|
|
@ -456,8 +466,8 @@ func maintainOAuth(ctx context.Context, oauth *models.OauthToken) error {
|
|||
if err != nil {
|
||||
return fmt.Errorf("Failed to update oauth token from database: %v", err)
|
||||
}
|
||||
accessTokenDelay := time.Until(oauth.AccessTokenExpires) - (10 * time.Second)
|
||||
refreshTokenDelay := time.Until(oauth.RefreshTokenExpires) - (10 * time.Second)
|
||||
accessTokenDelay := time.Until(oauth.AccessTokenExpires) - (3 * time.Second)
|
||||
refreshTokenDelay := time.Until(oauth.RefreshTokenExpires) - (3 * time.Second)
|
||||
if oauth.AccessTokenExpires.Before(time.Now()) {
|
||||
accessTokenDelay = 0
|
||||
}
|
||||
|
|
|
|||
|
|
@ -12,8 +12,7 @@ import (
|
|||
)
|
||||
|
||||
func getArcgisOauthBegin(w http.ResponseWriter, r *http.Request) {
|
||||
expiration := 60
|
||||
authURL := buildArcGISAuthURL(ClientID, expiration)
|
||||
authURL := buildArcGISAuthURL(ClientID)
|
||||
http.Redirect(w, r, authURL, http.StatusFound)
|
||||
}
|
||||
|
||||
|
|
|
|||
15
main.go
15
main.go
|
|
@ -18,7 +18,7 @@ import (
|
|||
|
||||
var sessionManager *scs.SessionManager
|
||||
|
||||
var BaseURL, ClientID, ClientSecret string
|
||||
var BaseURL, ClientID, ClientSecret, Environment string
|
||||
|
||||
func main() {
|
||||
ClientID = os.Getenv("ARCGIS_CLIENT_ID")
|
||||
|
|
@ -40,6 +40,15 @@ func main() {
|
|||
if bind == "" {
|
||||
bind = ":9001"
|
||||
}
|
||||
Environment = os.Getenv("ENVIRONMENT")
|
||||
if Environment == "" {
|
||||
slog.Error("You must specify a non-empty ENVIRONMENT")
|
||||
os.Exit(1)
|
||||
}
|
||||
if !(Environment == "PRODUCTION" || Environment == "DEVELOPMENT") {
|
||||
slog.Error("ENVIRONMENT should be either DEVELOPMENT or PRODUCTION", slog.String("ENVIRONMENT", Environment))
|
||||
os.Exit(2)
|
||||
}
|
||||
pg_dsn := os.Getenv("POSTGRES_DSN")
|
||||
if pg_dsn == "" {
|
||||
slog.Error("You must specify a non-empty POSTGRES_DSN")
|
||||
|
|
@ -132,3 +141,7 @@ func main() {
|
|||
|
||||
slog.Info("Shutdown complete")
|
||||
}
|
||||
|
||||
func IsProductionEnvironment() bool {
|
||||
return Environment == "PRODUCTION"
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue