Comments (2)
Very strange behavior using parentheses to background subshells in bash.
The following command launches 10 ils processes which overlap over each other, and all of them succeed in listing the actual irods directory for the current logged in user.
ils & ils & ils & ils & ils & ils & ils & ils & ils & ils
The following command launches 10 ils processes in a for loop using parentheses subshells which overlap with each other, and most of them fail and think they are supposed to be listing the irods directory for the 'rods' user, which is not the currently logged in user:
for i in {0..9}; do (ils &); done
This does not occur when logged in as the system user 'irods' and running commands as the irods user 'rods'. All succeed. Suggests it is related to the auth plugin.
from irods_auth_plugin_openid.
Verified that authorization periods can overlap as of this commit:
c325bee
Callback requests from the openid provider can also be received and returned to the proper plugin instance in a different order than the authorization processes were started (iinit).
- Two system users (separate ~/.irods directories)
- Two irods accounts, with the subject id linked to their account (iadmin aua)
Process:
- Run iinit for both system users, one directly after the other.
- Now each of their agent-side plugins is waiting on the redirect_server mechanism to receive the authorization callbacks from the openid provider after the users log in using a browser.
- Each user can browse to the proper authorization url provided to them by the plugin.
- The redirect_server will receive reach callback from the openid provider after the user logs in.
- The 'state' param on these requests map to the auth request instances from the irods plugin.
- The redirect_server will route the authorization_code from these callbacks to the proper agent-side plugin through a Unix domain socket they are waiting on (up to 30 sec).
- Each agent-side plugin will proceed with their process of exchanging the authorization_code for the id_token, access_token, and refresh_token.
- The client-side plugins waiting on their corresponding sockets will receive the user/session information as well as the actual rcAuthResponse response, and exit.
from irods_auth_plugin_openid.
Related Issues (20)
- Enable use of externally generated access tokens for automated login flows HOT 1
- Update to reflect new token service api
- Review plugin for memory deallocation
- Don't create a multiple session entries per user
- Enable SSL on session exchange port
- Change formating of session file to include token type metadata
- Enable use of long-lived user keys from the auth microservice
- location of auth_microservice repo HOT 3
- Segfault when ssl certificates are not found
- enable per-provider scopes, with default
- Clean up output
- user_name empty when iput a file via iRODS OAuth plugin
- cmake does not search for all required dependencies
- Can this setup be used in MetaLnx? HOT 1
- Implement ability to specify multiple oidc providers, and per-provider scopes HOT 1
- Saving then reading pw (session token) client-side fails when length is close to MAX_PASSWORD_LEN HOT 1
- Use token microservice to handle acquiring, storage, and refreshing of oauth2 tokens
- force re-authentication whenever user runs iinit
- Implement oidc login flow in PRC
- Implement configurable time to wait for a user login to be detected
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from irods_auth_plugin_openid.