Add OAuth 2.0 access-token authentication for on-premises NoSQL#216
Open
rajdeep714 wants to merge 6 commits into
Open
Add OAuth 2.0 access-token authentication for on-premises NoSQL#216rajdeep714 wants to merge 6 commits into
rajdeep714 wants to merge 6 commits into
Conversation
Schedule reauthentication using the earlier of the OAuth access-token expiry and the NoSQL login-token expiry returned by the proxy. Preserve the current login session when proactive refresh fails and use the request timeout for request-driven login. Add regression coverage for shorter KV sessions, failed refresh callbacks, and OAuth login timeouts.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
for a NoSQL login token through the HTTP proxy.
getAccessTokenInfo().
that omit the principal or switch identity without logout.
and NoSQL login-token expiry.
best-effort session cleanup when the provider closes.
on-premises request-size and rate-limiting behavior.
Reviewed by: Ashutosh, Xiao, Yang
Tests:
-Dtest=OAuthAccessTokenProviderTest,AuthRetryTest test
Dependencies:
Files (Added / Modified / Deleted):
M driver/pom.xml
M driver/src/main/java/oracle/nosql/driver/http/Client.java
and request-size enforcement. Flushes its cached login token and retries once
after AuthenticationException, while preventing repeated retries.
M driver/src/main/java/oracle/nosql/driver/http/NoSQLHandleImpl.java
endpoint, SSL context, and handshake timeout. Reuses the endpoint preparation
logic with StoreAccessTokenProvider.
A driver/src/main/java/oracle/nosql/driver/kv/OAuthAccessTokenProvider.java
the returned NoSQL login token and authenticated principal, refreshes before
the earlier token expiry, rejects principal changes, and performs best-effort
cleanup of rejected or closed sessions.
M driver/src/test/java/oracle/nosql/driver/iam/AuthRetryTest.java
retry, with the second failure returned immediately.
A driver/src/test/java/oracle/nosql/driver/kv/OAuthAccessTokenProviderTest.java
renewal, login-token expiry, refresh failure, cache invalidation, principal
validation, identity changes, missing principals, and logout on close.