Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

STS authentication doesn't seem to deal with slight time deviations #1133

Open
ramondeklein opened this issue Jul 15, 2024 · 0 comments
Open

STS authentication doesn't seem to deal with slight time deviations #1133

ramondeklein opened this issue Jul 15, 2024 · 0 comments
Assignees
@ebozduman

Comments

@ramondeklein
Copy link
Contributor

When fetching temporary credentials using STS, the returned credentials have an expiration date. When the credentials are used, then this expiration is used. It's generally better to shorten the expiration, so it can deal with:

  1. Latency between expiration check on the client and processing the actual signed request on the server.
  2. Small time deviations between client and server.

The minio-go code deals with this when storing the expiration in the client. It's always stored by decreasing the expiration date using a fixed duration or sets it at 80% of the original expiration. That will ensure that the credentials are refreshed well before they expire.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ebozduman ebozduman

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ramondeklein @ebozduman