Skip to content

Commit

Permalink
OnBehalfOf claims take second duration (opensearch-project#10664)
Browse files Browse the repository at this point in the history
OnBehalfOf claims take second duration

Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Siddhant Deshmukh <[email protected]>
  • Loading branch information
stephen-crawford authored and deshsidd committed Oct 18, 2023
1 parent ffe24c3 commit 4b33c59
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 49 deletions.
2 changes: 1 addition & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
- Allow mmap to use new JDK-19 preview APIs in Apache Lucene 9.4+ ([#5151](https://github.com/opensearch-project/OpenSearch/pull/5151))
- Add events correlation engine plugin ([#6854](https://github.com/opensearch-project/OpenSearch/issues/6854))
- Introduce new dynamic cluster setting to control slice computation for concurrent segment search ([#9107](https://github.com/opensearch-project/OpenSearch/pull/9107))
- Implement on behalf of token passing for extensions ([#8679](https://github.com/opensearch-project/OpenSearch/pull/8679))
- Implement on behalf of token passing for extensions ([#8679](https://github.com/opensearch-project/OpenSearch/pull/8679), [#10664](https://github.com/opensearch-project/OpenSearch/pull/10664))
- Provide service accounts tokens to extensions ([#9618](https://github.com/opensearch-project/OpenSearch/pull/9618))
- Configurable merge policy for index with an option to choose from LogByteSize and Tiered merge policy ([#9992](https://github.com/opensearch-project/OpenSearch/pull/9992))
- Add search query categorizor ([#10255](https://github.com/opensearch-project/OpenSearch/pull/10255))
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,4 +16,5 @@
public interface AuthToken {

String asAuthHeaderValue();

}
Original file line number Diff line number Diff line change
Expand Up @@ -14,46 +14,17 @@
public class OnBehalfOfClaims {

private final String audience;
private final String subject;
private final Long expiration;
private final Long not_before;
private final Long issued_at;
private final Long expiration_seconds;

/**
* Constructor for OnBehalfOfClaims
* @param aud the Audience for the token
* @param subject the subject of the token
* @param expiration the expiration time in seconds for the token
* @param not_before the not_before time in seconds for the token
* @param issued_at the issued_at time in seconds for the token
*/
public OnBehalfOfClaims(String aud, String subject, Long expiration, Long not_before, Long issued_at) {
this.audience = aud;
this.subject = subject;
this.expiration = expiration;
this.not_before = not_before;
this.issued_at = issued_at;
}

/**
* A constructor that sets a default issued at time of the current time
* @param aud the Audience for the token
* @param subject the subject of the token
* @param expiration the expiration time in seconds for the token
* @param not_before the not_before time in seconds for the token
*/
public OnBehalfOfClaims(String aud, String subject, Long expiration, Long not_before) {
this(aud, subject, expiration, not_before, System.currentTimeMillis() / 1000);
}
* @param expiration_seconds the length of time in seconds the token is valid
/**
* A constructor which sets a default not before time of the current time
* @param aud the Audience for the token
* @param subject the subject of the token
* @param expiration the expiration time in seconds for the token
*/
public OnBehalfOfClaims(String aud, String subject, Long expiration) {
this(aud, subject, expiration, System.currentTimeMillis() / 1000);
public OnBehalfOfClaims(String aud, Long expiration_seconds) {
this.audience = aud;
this.expiration_seconds = expiration_seconds;
}

/**
Expand All @@ -62,26 +33,14 @@ public OnBehalfOfClaims(String aud, String subject, Long expiration) {
* @param subject the subject of the token
*/
public OnBehalfOfClaims(String aud, String subject) {
this(aud, subject, System.currentTimeMillis() / 1000 + 300);
this(aud, 300L);
}

public String getAudience() {
return audience;
}

public String getSubject() {
return subject;
}

public Long getExpiration() {
return expiration;
}

public Long getNot_before() {
return not_before;
}

public Long getIssued_at() {
return issued_at;
return expiration_seconds;
}
}

0 comments on commit 4b33c59

Please sign in to comment.