feat(auth): kick clients and publishers when auth token expires #5813
thejoeejoee wants to merge 7 commits into
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #5813 +/- ##
==========================================
- Coverage 62.73% 62.73% -0.01%
==========================================
Files 243 243
Lines 21176 21231 +55
==========================================
+ Hits 13285 13319 +34
- Misses 6764 6776 +12
- Partials 1127 1136 +9
This is interesting, my architectural concern is that in this implementation, the component in charge of periodically checking the JWT is the path, while I would have preferred readers to do this check by themselves. But the drawback of moving this logic into readers is that you have to write a dedicated check in each reader type. Furthermore, a thing that's missing is that publisher's JWTs must be checked too.
Path felt like the right place since it already owns the lifecycle of both readers and publishers (add/remove/close) — avoids duplicating the ticker logic in each reader/publisher type. If you'd prefer it per-reader though, I could extract a shared helper to keep it DRY.
They're already checked here too, checkAuthExpiry() kicks both expired readers and the publisher:
813ed1a to 8210974
Periodic check of auth token expiration for connected readers and publishers. Expired clients are disconnected. Configurable via authCheckInterval (default 30s, 0 to disable). Generic naming (authCheckInterval, AuthExpiry) allows future extension to external auth re-validation or JWKS re-fetch.
cbec46f to d8243c0
Periodic check of auth token expiration for connected readers and publishers. Expired clients are disconnected.
Generic naming allows future extension to external auth re-validation or JWKS re-fetch.
Closes #4300
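
The path-level expiry sweep discussed in this thread, as an added Go example that is not code from this PR or from the project. The names `client`, `path`, `sweepExpired` and `run` are hypothetical, and treating a zero expiry as "never expires" is an assumption.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// client is a hypothetical reader or publisher; zero expiry means "never expires" (assumption).
type client struct{ expiry time.Time }

// path is a hypothetical owner of all clients; not goroutine-safe, use from one goroutine.
type path struct{ clients map[string]*client }

// sweepExpired drops clients whose token expired at or before now and returns their sorted ids.
func (p *path) sweepExpired(now time.Time) []string {
	var kicked []string
	for id, c := range p.clients {
		if !c.expiry.IsZero() && !now.Before(c.expiry) {
			delete(p.clients, id) // a real server would also close the connection
			kicked = append(kicked, id)
		}
	}
	sort.Strings(kicked)
	return kicked
}

// run sweeps once per interval until stop is closed; interval 0 disables the check.
func (p *path) run(interval time.Duration, stop <-chan struct{}) {
	if interval <= 0 {
		return
	}
	t := time.NewTicker(interval)
	defer t.Stop()
	for {
		select {
		case now := <-t.C:
			p.sweepExpired(now)
		case <-stop:
			return
		}
	}
}

func main() {
	p := &path{clients: map[string]*client{ // constructed sample clients
		"publisher": {expiry: time.Unix(1, 0)}, "reader-1": {expiry: time.Now().Add(time.Hour)},
	}}
	fmt.Println("kicked:", p.sweepExpired(time.Now()))
}
```

The boundary case matters: a token whose expiry equals the sweep time is treated as expired, so a client is never served past its stated lifetime by more than one interval.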