Open
lmeyerov
reviewed
Mar 9, 2026
| self.idp_name: Optional[str] = None | ||
| self.sso_state: Optional[str] = None | ||
| self.sso_state_created_at: Optional[float] = None | ||
| self.sso_state_ttl_s: int = get_from_env("GRAPHISTRY_SSO_STATE_TTL_S", int, 300) |
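Review bot: The `300` default in `get_from_env("GRAPHISTRY_SSO_STATE_TTL_S", int, 300)` carries no comment saying where the value comes from, so a reader cannot tell whether it mirrors a server-side setting or is a client-side guess. Please document the source and the unit (seconds) next to the assignment. Also consider rejecting zero or negative values, since the parsed int is assigned to `sso_state_ttl_s` on this line without a range check.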
Contributor
how do we know this is 300? I couldn't find , closest I saw was this: https://github.com/graphistry/graphistry/blob/eb8aba35feba0fdf85d1c99b163c89d30cd4d816/apps/core/nexus/nexus/allauth_ext/socialaccount/providers/openid_connect/client.py#L56
lmeyerov
reviewed
Mar 9, 2026
|
|
||
| created_at = self.session.sso_state_created_at | ||
| ttl = self.session.sso_state_ttl_s | ||
| if created_at is not None and (time.time() - created_at) > ttl: |
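Review bot: The expiry test on the `if created_at is not None and (time.time() - created_at) > ttl:` line depends on the wall clock, so a system clock adjustment after `sso_state_created_at` was recorded can flag a fresh state as expired or let an old one pass. If both readings are taken in the same process, `time.monotonic()` would avoid that. A `created_at` of `None` also skips the check silently, which deserves a comment or a log line.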
Contributor
- especially as we're not confident of SSO expiry, instead of being preemptive and risk being wrong, probably better to instead limit this to a nicer error message in the case of a failure
Ex:
- try to do the action against the server
- server raises an exn
- we catch the exn, and if flagged as a potential sso expiry, stack the exns so they get both messages (important to get both, not just potentially incorrectly cloud with this)
- i'm unsure if this is the right place to detect such an expiry; it'd be good to test that the correct library point is being tested (live test, vs synthetic)
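A sketch of the reactive flow described in the comment above, as an added example that is not code from this PR or from pygraphistry. `ServerAuthError`, `PossibleSSOStateExpiry`, `complete_sso` and the two stand-in server functions are hypothetical names, and the timestamps are constructed.

```python
import time
from typing import Callable, Optional


class ServerAuthError(Exception):
    """Hypothetical stand-in for the error the server raises on a bad login."""


class PossibleSSOStateExpiry(Exception):
    """Hypothetical hint, chained on top of the server error, never replacing it."""


def complete_sso(exchange: Callable[[str], str], state: str,
                 created_at: Optional[float], ttl_s: int,
                 now: Callable[[], float] = time.time) -> str:
    """Always attempt the exchange; the local TTL only annotates a failure."""
    try:
        return exchange(state)
    except ServerAuthError as exc:
        age = None if created_at is None else now() - created_at
        if age is not None and age > ttl_s:
            # Flagged as a potential expiry: "from exc" keeps the server's
            # message in __cause__, so the traceback shows both.
            raise PossibleSSOStateExpiry(
                f"SSO state is {age:.0f}s old (local TTL guess: {ttl_s}s); "
                "it may have expired, so restart the SSO login"
            ) from exc
        raise  # not flagged: surface the server error unchanged


# Constructed stand-ins for the server side of the exchange.
def server_accepts(state: str) -> str:
    return "token-for-" + state


def server_rejects(state: str) -> str:
    raise ServerAuthError("invalid state")


if __name__ == "__main__":
    # State older than the local TTL guess, but the server still accepts it.
    print(complete_sso(server_accepts, "abc", 0.0, 300, now=lambda: 1000.0))
    try:
        complete_sso(server_rejects, "abc", 0.0, 300, now=lambda: 1000.0)
    except PossibleSSOStateExpiry as err:
        print(err, "| server said:", err.__cause__)
```

Because the exchange is always attempted first, a wrong local TTL can only produce a misleading hint on a request that already failed, never a blocked login.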
lmeyerov
requested changes
Mar 9, 2026
Contributor
lmeyerov
left a comment
See comments -
- the time mechanism looks unreliable, so rather make it a cleaner exn re-raise vs proactive due to danger of FPs
- should check whether 300 is the sane default
- would like confirmation test was on a live sso timeout, vs just synthetic testing, so we know we're catching at the right callsite
Issue: https://github.com/graphistry/clients/blob/dbt-sso-databricks-issue/DBT/sso-databricks-issue/github_issues/pygraphistry-004-sso-state-ttl-enforcement.md