What is the timeout value in the specially formatted line for the custom namespace auth?

[ridopark]

Hi,
I'm trying to implement custom auth. I see that the sample app's AuthorizeUser method has this comment as shown below.
/// <returns>Specially formatted line to be returned to SOSS. Line's spec: "permissions {0} timeout minutes {1}",
/// where {0} and {1} should be replaced by two integers. Permission is an integer that describers user's
/// permission based using elements of the SOSSAUTH_PERMISSION enum. E.g. a full Read/Write permission
/// is represented by integer 3.</returns>

What is the timeout here? I couldn't find anything about this in docs. Can someone refer me to the documentation about this? In testing, it seems it's just value for the cache expiration/timeout. Why would this cache expiration be tied to auth?

Thanks

 

[oshmytov]

Hello,

The login timeout in the returned auth decision line indicates how long the login session should last until the session needs to be re-authenticated. The auth sample uses the value of 24 hours. You can make it smaller/larger/dynamic. The minimum timeout value in minutes is 1, and the maximum is 65535.

Thanks,
Oleg.

 

[ridopark]

Hi.
Thanks for replying so quickly!
That's what I thought it would do, but when testing, it does not look like the timeout value is used for the session, but the actual cache object expiration.

I made the custom auth to return this string, "permissions 3 timeout minutes 1", and below is my client code. I expected some exceptions ("NotAuthorizedException" or "TimeoutException") would be thrown after I made it sleep for 61 seconds, but it did not throw anything.

public class CustomLoginModule : ILoginModule
{
    public byte[] GetEncodedCredentials(string cacheName) => Encoding.ASCII.GetBytes("Manager");
}

class Program
{
    static void Main(string[] args)
    {
        const string cacheName = "Nonsensitive";
        var lgnManager = LoginManager.getInstance();
        var lgnModule = new CustomLoginModule();

        // Initialize object to be stored
        var sampleObj = new SampleClass
        {
            var1 = 1948,
            var2 = 1975.07,
            var3 = "Hello, SOSS!"
        };

        try
        {
            lgnManager.Login(cacheName, lgnModule);

            System.Threading.Thread.Sleep(61000);

            // Get a cache
            var cache = CacheFactory.GetCache(cacheName);
            Console.WriteLine("Cache was successfully created/obtained.");

            // Store the object in the cache
            cache["myObj"] = sampleObj;
            Console.WriteLine("Sample object was successfully added to the store.");

            System.Threading.Thread.Sleep(61000);

            // Read the object from the cache
            SampleClass retrievedObj = null;
            retrievedObj = cache["myObj"] as SampleClass;
            Console.WriteLine($"Sample object was successfully read from the store: {retrievedObj.var1}, {retrievedObj.var2}, {retrievedObj.var3}");

            System.Threading.Thread.Sleep(61000);

            // Remove the object from the cache
            cache.Remove("myObj");
            Console.WriteLine("Sample object was successfully removed from the store.");
        }
        catch (Soss.Client.TimeoutException e)
        {
            Console.WriteLine(e);
        }
    }
}

Could you please take a look and let me know what I'm doing wrong?

 

[oshmytov]

You're doing everything correctly. When running the client, you don't see one important step that happens on the backend. When login timeout elapses, the SOSS service calls the auth provider again to re-authenticate the next request to the cache - so the client re-authenticates implicitly instead of throwing any exception.

To summarize, the login timeout value in minutes determines a time threshold when SOSS needs to re-authenticate and re-authorize the next cache-related request from a specific user. Until the login timeout elapses, no authentication checks are performed for the user while it stays logged on.