Comments (3)
Additional info: Does not matter whether use_global_settings is true or false.
from authentik.
From quickly looking through the code I can see how this would happen if the token expires and is rotated (when the token is rotated we currently default to the default expiry value which is 30 minutes).
from authentik.
While I could be confusing terms, I believe the issue we have found is specifically with token creation during the recovery flows.
In other words:
- No token / active recovery flow exists for the user
- Click create recovery link / send recovery email for the user
- Notice that the new token is created in the authentik_core_token table but that it will always have an expiration time 30 minutes in the future regardless of the token_expiry setting.
- Validate that after 30 minutes the reset links do not work.
from authentik.