diff --git a/cmd/dex/config.go b/cmd/dex/config.go
index dde369783e5367c0052e249f94a208e890b12c99..0071b4fdd27edffaee30194e4e9c8ce3975d2157 100644
--- a/cmd/dex/config.go
+++ b/cmd/dex/config.go
@@ -233,6 +233,9 @@ type Expiry struct {
 
 	// IdTokens defines the duration of time for which the IdTokens will be valid.
 	IDTokens string `json:"idTokens"`
+
+	// AuthRequests defines the duration of time for which the AuthRequests will be valid.
+	AuthRequests string `json:"authRequests"`
 }
 
 // Logger holds configuration required to customize logging for dex.
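Review bot: The comment on `AuthRequests` does not tell an operator what format the string takes or what happens when it is left empty. Judging by the other hunks, it is parsed with `time.ParseDuration` in cmd/dex/serve.go and `newServer` falls back to 24 hours, so I would say so: `// AuthRequests is how long a pending authorization request stays valid, as a Go duration string (e.g. "24h"); empty means the 24h default.` The same applies to `AuthRequestsValidFor` in the `Config` struct in server/server.go, whose only comment is `// Defaults to 24 hours`. The `Expiry` struct starts outside this hunk.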
diff --git a/cmd/dex/config_test.go b/cmd/dex/config_test.go
index e1b29f7886513fa78e04cdb1cfb1a55865348483..5ed8a58ef2e57b06bced5278cbc0815228ee6c3d 100644
--- a/cmd/dex/config_test.go
+++ b/cmd/dex/config_test.go
@@ -64,6 +64,7 @@ staticPasswords:
 expiry:
   signingKeys: "6h"
   idTokens: "24h"
+  authRequests: "24h"
 
 logger:
   level: "debug"
@@ -131,8 +132,9 @@ logger:
 			},
 		},
 		Expiry: Expiry{
-			SigningKeys: "6h",
-			IDTokens:    "24h",
+			SigningKeys:  "6h",
+			IDTokens:     "24h",
+			AuthRequests: "24h",
 		},
 		Logger: Logger{
 			Level:  "debug",
diff --git a/cmd/dex/serve.go b/cmd/dex/serve.go
index dcc0c35239873387d363dc161fc71d898f4bf9ea..10200a30cbbedd0f16d34e5e132fe02f5e9e0943 100644
--- a/cmd/dex/serve.go
+++ b/cmd/dex/serve.go
@@ -242,6 +242,14 @@ func serve(cmd *cobra.Command, args []string) error {
 		logger.Infof("config id tokens valid for: %v", idTokens)
 		serverConfig.IDTokensValidFor = idTokens
 	}
+	if c.Expiry.AuthRequests != "" {
+		authRequests, err := time.ParseDuration(c.Expiry.AuthRequests)
+		if err != nil {
+			return fmt.Errorf("invalid config value %q for auth request expiry: %v", c.Expiry.AuthRequests, err)
+		}
+		logger.Infof("config auth requests valid for: %v", authRequests)
+		serverConfig.AuthRequestsValidFor = authRequests
+	}
 
 	serv, err := server.NewServer(context.Background(), serverConfig)
 	if err != nil {
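Review bot: The new `expiry.authRequests` branch accepts anything `time.ParseDuration` can parse, including negative values such as `-1h`, which would make `handleAuthorization` in server/handlers.go store auth requests whose expiry is already in the past. The `value(c.AuthRequestsValidFor, 24*time.Hour)` call in `newServer` presumably substitutes the default only for a zero value (the helper is not visible here), so it would not catch this. Reject non-positive durations right after the parse, e.g. `if authRequests <= 0 { return fmt.Errorf("invalid config value %q for auth request expiry: must be positive", c.Expiry.AuthRequests) }`. An upper bound or a logged warning is also worth considering, since a very large value keeps pending auth requests valid, and likely in storage, for that long. `serve` begins and continues outside this hunk.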
diff --git a/server/handlers.go b/server/handlers.go
index acbd19bf35751274e4bf4fb13c92284240fd5f68..b309191dfbb67c782cee668f5928cfdb9f35f55a 100644
--- a/server/handlers.go
+++ b/server/handlers.go
@@ -160,7 +160,7 @@ func (s *Server) handleAuthorization(w http.ResponseWriter, r *http.Request) {
 	// screen too long.
 	//
 	// See: https://github.com/dexidp/dex/issues/646
-	authReq.Expiry = s.now().Add(24 * time.Hour) // Totally arbitrary value.
+	authReq.Expiry = s.now().Add(s.authRequestsValidFor)
 	if err := s.storage.CreateAuthRequest(authReq); err != nil {
 		s.logger.Errorf("Failed to create authorization request: %v", err)
 		s.renderError(w, http.StatusInternalServerError, "Failed to connect to the database.")
diff --git a/server/server.go b/server/server.go
index adf872eb7df8294a0ae123d72775f5612c506295..cf9f7b47f260096aad2ce810a24a4da6e67f164b 100644
--- a/server/server.go
+++ b/server/server.go
@@ -68,8 +68,9 @@ type Config struct {
 	// Logging in implies approval.
 	SkipApprovalScreen bool
 
-	RotateKeysAfter  time.Duration // Defaults to 6 hours.
-	IDTokensValidFor time.Duration // Defaults to 24 hours
+	RotateKeysAfter      time.Duration // Defaults to 6 hours.
+	IDTokensValidFor     time.Duration // Defaults to 24 hours
+	AuthRequestsValidFor time.Duration // Defaults to 24 hours
 
 	GCFrequency time.Duration // Defaults to 5 minutes
 
@@ -137,7 +138,8 @@ type Server struct {
 
 	now func() time.Time
 
-	idTokensValidFor time.Duration
+	idTokensValidFor     time.Duration
+	authRequestsValidFor time.Duration
 
 	logger logrus.FieldLogger
 }
@@ -197,6 +199,7 @@ func newServer(ctx context.Context, c Config, rotationStrategy rotationStrategy)
 		storage:                newKeyCacher(c.Storage, now),
 		supportedResponseTypes: supported,
 		idTokensValidFor:       value(c.IDTokensValidFor, 24*time.Hour),
+		authRequestsValidFor:   value(c.AuthRequestsValidFor, 24*time.Hour),
 		skipApproval:           c.SkipApprovalScreen,
 		now:                    now,
 		templates:              tmpls,