IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

OAuth: Increase state cookie max age (#27258)

Browse Source 
60s can be too short if the oauth provider is slow
for some reason and its defintly too slow if the
OAuth provider requires 2FA.

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
This commit is contained in:
Carl Bergquist 2020-09-01 10:57:43 +02:00 committed by GitHub
parent 8ec2aa02c6
commit 8faaa1a520
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
conf/defaults.ini
View File

@ -301,8 +301,8 @@ signout_redirect_url =
# This setting is ignored if multiple OAuth providers are configured.
oauth_auto_login = false
# OAuth state max age cookie duration. Defaults to 60 seconds.
oauth_state_cookie_max_age = 60
# OAuth state max age cookie duration in seconds. Defaults to 600 seconds.
oauth_state_cookie_max_age = 600
# limit of api_key seconds to live before expiration
api_key_max_seconds_to_live = -1

4
conf/sample.ini
View File

@ -300,8 +300,8 @@
# This setting is ignored if multiple OAuth providers are configured.
;oauth_auto_login = false
# OAuth state max age cookie duration. Defaults to 60 seconds.
;oauth_state_cookie_max_age = 60
# OAuth state max age cookie duration in seconds. Defaults to 600 seconds.
;oauth_state_cookie_max_age = 600
# limit of api_key seconds to live before expiration
;api_key_max_seconds_to_live = -1

2
docs/sources/administration/configuration.md
View File

@ -646,7 +646,7 @@ This setting is ignored if multiple OAuth providers are configured. Default is `
### oauth_state_cookie_max_age
How long the OAuth state cookie lives before being deleted. Default is `60` (seconds)
How many seconds the OAuth state cookie lives before being deleted. Default is `600` (seconds)
Administrators can increase this if they experience OAuth login state mismatch errors.
### api_key_max_seconds_to_live

2
pkg/setting/setting.go
View File

@ -1009,7 +1009,7 @@ func readAuthSettings(iniFile *ini.File, cfg *Cfg) error {
DisableLoginForm = auth.Key("disable_login_form").MustBool(false)
DisableSignoutMenu = auth.Key("disable_signout_menu").MustBool(false)
OAuthAutoLogin = auth.Key("oauth_auto_login").MustBool(false)
cfg.OAuthCookieMaxAge = auth.Key("oauth_state_cookie_max_age").MustInt(60)
cfg.OAuthCookieMaxAge = auth.Key("oauth_state_cookie_max_age").MustInt(600)
SignoutRedirectUrl, err = valueAsString(auth, "signout_redirect_url", "")
if err != nil {
return err