We want to create a "persistent" token for integration tests. We use a keycloak to create tokens. But I don't see any way to create a token that does not expire, so that the integration tests that run repeatedly on dev-stage can complete without interruption. What do you recommend for this kind of automated, repeated testing against oauth?
kuarbcqp1#
All access tokens should expire at some point; that is why the RFC details the use of refresh tokens, which can be used indefinitely to keep your service running. The basic idea is that when you request an access token you get an access token and a refresh token, and when the first one expires you send the refresh token to the keycloak server, which regenerates a new access token and a new refresh token. In practice you should use the token as long as it is valid (since you know its lifespan in advance), and when it is about to expire you resend the request using the refresh token.
Source: RFC oauth2
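To make the refresh flow this answer describes concrete, here is an added example (my code, not the answerer's) in Python: a token holder that does the password grant once, exchanges the refresh token shortly before each expiry, and falls back to a fresh login if the server rejects the refresh token. The endpoint URL, client id/secret and test user are placeholders, and FakeTokenEndpoint is a constructed stand-in used only so the script runs offline.

```python
# Added example, not code from the answer above: refresh the access token
# before it expires so a long integration run never hits a dead token.
# Assumed placeholders: TOKEN_URL, client id/secret, test user credentials.
import json
import time
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://keycloak.example.test/realms/my-realm/protocol/openid-connect/token"


def post_form(url, fields):
    """POST a form-encoded grant request and parse the JSON token response."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(fields).encode(),
                                 method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class RefreshingToken:
    """Hands out 'Bearer ...' values, refreshing `skew` seconds before expiry.
    `post` and `clock` are injectable so the logic runs without a server."""

    def __init__(self, token_url, client_id, client_secret, username, password,
                 skew=30, post=post_form, clock=time.monotonic):
        self._url, self._skew, self._post, self._clock = token_url, skew, post, clock
        self._client = {"client_id": client_id, "client_secret": client_secret}
        self._user = {"username": username, "password": password}
        self._access = self._refresh = None
        self._expires_at = 0.0

    def _store(self, reply):
        # expires_in is relative (RFC 6749 5.1); pin it to an absolute deadline.
        self._access = reply["access_token"]
        self._refresh = reply.get("refresh_token")
        self._expires_at = self._clock() + float(reply["expires_in"])

    def _password_grant(self):
        self._store(self._post(self._url, {"grant_type": "password",
                                           **self._client, **self._user}))

    def _try_refresh(self):
        """Exchange the refresh token; False if the server rejected it."""
        if self._refresh is None:
            return False
        try:
            self._store(self._post(self._url, {"grant_type": "refresh_token",
                                               "refresh_token": self._refresh,
                                               **self._client}))
        except urllib.error.HTTPError as err:
            if err.code != 400:      # invalid_grant is a 400; anything else is unexpected
                raise
            return False
        return True

    def bearer(self):
        """Return an Authorization value valid for at least `skew` more seconds."""
        if self._access is None:
            self._password_grant()
        elif self._clock() >= self._expires_at - self._skew:
            if not self._try_refresh():
                # Refresh token dead (SSO session idle/max lifespan hit, or
                # revoked): start a new session instead of failing the run.
                self._password_grant()
        return "Bearer " + self._access


class FakeTokenEndpoint:
    """Constructed stand-in for the token endpoint (offline demo only): numbered
    tokens with a fixed lifetime; refresh fails once the session is older than
    `session_max`, mimicking ssoSessionMaxLifespan."""

    def __init__(self, clock, lifetime=300, session_max=36000):
        self.clock, self.lifetime, self.session_max = clock, lifetime, session_max
        self.grants, self._session_start = [], None

    def __call__(self, url, fields):
        grant = fields["grant_type"]
        if grant == "password":
            self._session_start = self.clock()
        elif self.clock() - self._session_start > self.session_max:
            raise urllib.error.HTTPError(url, 400, "invalid_grant", {}, None)
        self.grants.append(grant)
        n = len(self.grants)
        return {"access_token": f"at{n}", "refresh_token": f"rt{n}",
                "expires_in": self.lifetime}


if __name__ == "__main__":
    now = [0.0]                       # simulated clock; drop post=/clock= for a real realm
    endpoint = FakeTokenEndpoint(lambda: now[0])
    tok = RefreshingToken(TOKEN_URL, "integration-tests", "secret", "tester", "pw",
                          post=endpoint, clock=lambda: now[0])
    for t in range(0, 901, 100):      # 15 simulated minutes of test traffic
        now[0] = t
        print(f"t={t:4d}s {tok.bearer()}  grants: {endpoint.grants}")
```

Against a real realm, drop the `post=` and `clock=` arguments so the default `post_form` and `time.monotonic` are used. Two caveats: a refresh token lives inside an SSO session, so with the realm values shown in the other answer (ssoSessionIdleTimeout 1800, ssoSessionMaxLifespan 36000) it stops working after 30 minutes idle or 10 hours total whatever the access token lifespan is, which is why the fallback login exists; and if you need a refresh token that survives longer than that, Keycloak's offline tokens (requested with scope=offline_access and governed by offlineSessionIdleTimeout in that realm JSON) are the supported mechanism, and they still go through the same refresh call.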
bcs8qyzn2#
How about giving the access token a longer lifespan (a few days) before starting the integration tests? When the integration tests are finished, go back to the default (5 minutes).
Here are my demo test steps.
1. Get the master token for the realm access token and assign it to a token variable.
2. Get the realm data of my-realm. This is the default setting data of my-realm:
```json
{ "id": "my-realm", "realm": "my-realm", "notBefore": 0, "defaultSignatureAlgorithm": "RS256", "revokeRefreshToken": false, "refreshTokenMaxReuse": 0, "accessTokenLifespan": 300, "accessTokenLifespanForImplicitFlow": 900, "ssoSessionIdleTimeout": 1800, "ssoSessionMaxLifespan": 36000, "ssoSessionIdleTimeoutRememberMe": 0, "ssoSessionMaxLifespanRememberMe": 0, "offlineSessionIdleTimeout": 2592000, "offlineSessionMaxLifespanEnabled": false, "offlineSessionMaxLifespan": 5184000, "clientSessionIdleTimeout": 0, "clientSessionMaxLifespan": 0, "clientOfflineSessionIdleTimeout": 0, "clientOfflineSessionMaxLifespan": 0, "accessCodeLifespan": 60, "accessCodeLifespanUserAction": 300, "accessCodeLifespanLogin": 1800, "actionTokenGeneratedByAdminLifespan": 43200, "actionTokenGeneratedByUserLifespan": 300, "oauth2DeviceCodeLifespan": 600, "oauth2DevicePollingInterval": 5, "enabled": true, "sslRequired": "external", "registrationAllowed": false, "registrationEmailAsUsername": false, "rememberMe": false, "verifyEmail": false, "loginWithEmailAllowed": true, "duplicateEmailsAllowed": false, "resetPasswordAllowed": false, "editUsernameAllowed": false, "bruteForceProtected": false, "permanentLockout": false, "maxFailureWaitSeconds": 900, "minimumQuickLoginWaitSeconds": 60, "waitIncrementSeconds": 60, "quickLoginCheckMilliSeconds": 1000, "maxDeltaTimeSeconds": 43200, "failureFactor": 30, "defaultRole": { "id": "3798f9f6-3383-474e-997e-123d9b534ae4", "name": "default-roles-my-realm", "description": "${role_default-roles}", "composite": true, "clientRole": false, "containerId": "my-realm" }, "requiredCredentials": [ "password" ], "otpPolicyType": "totp", "otpPolicyAlgorithm": "HmacSHA1", "otpPolicyInitialCounter": 0, "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, "otpSupportedApplications": [ "FreeOTP", "Google Authenticator" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ "ES256" ], "webAuthnPolicyRpId": "",
"webAuthnPolicyAttestationConveyancePreference": "not specified", "webAuthnPolicyAuthenticatorAttachment": "not specified", "webAuthnPolicyRequireResidentKey": "not specified", "webAuthnPolicyUserVerificationRequirement": "not specified", "webAuthnPolicyCreateTimeout": 0, "webAuthnPolicyAvoidSameAuthenticatorRegister": false, "webAuthnPolicyAcceptableAaguids": [], "webAuthnPolicyPasswordlessRpEntityName": "keycloak", "webAuthnPolicyPasswordlessSignatureAlgorithms": [ "ES256" ], "webAuthnPolicyPasswordlessRpId": "", "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", "webAuthnPolicyPasswordlessCreateTimeout": 0, "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, "webAuthnPolicyPasswordlessAcceptableAaguids": [], "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", "xXSSProtection": "1; mode=block", "strictTransportSecurity": "max-age=31536000; includeSubDomains" }, "smtpServer": {}, "eventsEnabled": false, "eventsListeners": [ "jboss-logging" ], "enabledEventTypes": [], "adminEventsEnabled": false, "adminEventsDetailsEnabled": false, "identityProviders": [], "identityProviderMappers": [], "internationalizationEnabled": false, "supportedLocales": [], "browserFlow": "browser", "registrationFlow": "registration", "directGrantFlow": "direct grant", "resetCredentialsFlow": "reset credentials", "clientAuthenticationFlow": "clients", "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", "oauth2DeviceCodeLifespan": "600",
"oauth2DevicePollingInterval": "5", "parRequestUriLifespan": "60", "cibaInterval": "5" }, "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] }, "clientPolicies": { "policies": [] } }
```
3. Extend the realm's access token lifespan (2 days). I changed the accessTokenLifespan value from 300 to 172800 (= 3600 * 24 * 2) seconds and updated the realm data with the PUT method. In Keycloak's UI the access token lifespan changes to 2 days. The status of the API call should be 204 (No Content).
4. Run the integration tests.
5. Go back to the default (or previous) lifespan from step 2.
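The five steps above as a single script, added here as an example (my code, not the answerer's). The Keycloak Admin REST API calls are the ones the answer describes (password grant on the master realm, GET and PUT of /admin/realms/{realm}), but the base URL, realm name and admin credentials are placeholders, and the HTTP transport is passed in as a parameter so the sequencing can be checked without a server.

```python
# Added example, not the answer's own code: the five steps above as one script,
# restoring the realm's accessTokenLifespan even when the tests fail.
# Assumptions: BASE has no legacy /auth prefix, the admin user logs in through
# the master realm's admin-cli client, and `transport` is injectable.
import json
import urllib.error
import urllib.parse
import urllib.request

BASE = "https://keycloak.example.test"       # placeholder
REALM = "my-realm"
DEFAULT_LIFESPAN = 300                       # accessTokenLifespan in the realm JSON above
EXTENDED_LIFESPAN = 3600 * 24 * 2            # 172800 s, two days


def http(method, url, body=None, token=None, content_type=None):
    """Minimal transport: returns (status, parsed JSON body or None)."""
    req = urllib.request.Request(url, data=body, method=method)
    if token:
        req.add_header("Authorization", "Bearer " + token)
    if content_type:
        req.add_header("Content-Type", content_type)
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            raw = resp.read()
            return resp.status, (json.loads(raw) if raw else None)
    except urllib.error.HTTPError as err:
        return err.code, None


def admin_token(transport, base, username, password):
    """Step 1: password grant against the master realm's admin-cli client."""
    form = urllib.parse.urlencode({"grant_type": "password", "client_id": "admin-cli",
                                   "username": username, "password": password}).encode()
    status, body = transport("POST", f"{base}/realms/master/protocol/openid-connect/token",
                             form, content_type="application/x-www-form-urlencoded")
    if status != 200:
        raise RuntimeError(f"admin login failed: HTTP {status}")
    return body["access_token"]


def set_lifespan(transport, url, token, rep, seconds):
    """PUT the realm representation back with a new accessTokenLifespan (expects 204)."""
    rep["accessTokenLifespan"] = seconds
    status, _ = transport("PUT", url, json.dumps(rep).encode(), token=token,
                          content_type="application/json")
    if status != 204:
        raise RuntimeError(f"PUT {url} failed: HTTP {status}")


def with_extended_lifespan(transport, base, realm, get_token, lifespan, run_tests):
    """Steps 2-5: read the realm, extend the lifespan, run the tests, restore."""
    url = f"{base}/admin/realms/{realm}"
    token = get_token()
    status, rep = transport("GET", url, token=token)
    if status != 200:
        raise RuntimeError(f"GET {url} failed: HTTP {status}")
    previous = rep["accessTokenLifespan"]
    set_lifespan(transport, url, token, rep, lifespan)
    try:
        return run_tests()
    finally:
        # The admin token is short-lived and the tests may run for hours, so
        # log in again for the restore instead of reusing the step-1 token.
        set_lifespan(transport, url, get_token(), rep, previous)


if __name__ == "__main__":
    import os
    import subprocess
    login = lambda: admin_token(http, BASE, os.environ["KC_ADMIN"], os.environ["KC_ADMIN_PW"])
    with_extended_lifespan(http, BASE, REALM, login, EXTENDED_LIFESPAN,
                           lambda: subprocess.run(["pytest", "tests/integration"], check=True))
```

Two things to watch when doing this on a shared dev-stage: the change is realm-wide, so every client of my-realm receives two-day tokens until the restore PUT runs (the per-client Access Token Lifespan override in the client's advanced settings keeps the blast radius to the test client), and a JWT issued before the PUT keeps its original exp, so request the test token after step 3, not before.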