Auth: Make token cache lifetimes configurable rucio#6494

Introduce two new configuration options: [oidc] token_min_lifetime = ... token_max_lifetime = ... The first dictates what is the minimum remaining lifetime that is required before the cache considers the token to be expired. The second dictates the maximum amount of time a token may remain in the cache (not to be confused with what is configured for the Rucio client in the token provider). Both must be expressed in seconds.
dchristidis · Feb 13, 2024 · 607854f · 607854f
1 parent 474ecdc
commit 607854f
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/lib/rucio/core/oidc.py b/lib/rucio/core/oidc.py
@@ -58,8 +58,8 @@
 
 # The WLCG Common JWT Profile dictates that the lifetime of access and ID tokens
 # should range from five minutes to six hours.
-TOKEN_MIN_LIFETIME: Final = int(timedelta(minutes=5).total_seconds())
-TOKEN_MAX_LIFETIME: Final = int(timedelta(hours=6).total_seconds())
+TOKEN_MIN_LIFETIME: Final = config_get_int('oidc', 'token_min_lifetime', default=300)
+TOKEN_MAX_LIFETIME: Final = config_get_int('oidc', 'token_max_lifetime', default=21600)
 
 REGION: Final = make_region_memcached(expiration_time=TOKEN_MAX_LIFETIME)
 METRICS = MetricManager(module=__name__)