-
Notifications
You must be signed in to change notification settings - Fork 3.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Certificate caching issue with 2.0.2? #1033
Comments
@cmcfadden This is interesting, I take it you've installed the |
Yeah, I'm running against the current master head for tedivm/stash (6aec97c9cc413223136e5f62dd200cf5eb932d1b) |
It's definitely odd - here are a few more clues. What's happening is the JWT->verify function is failing for all of the available certs in the cases where it fails. However, it's more sporadic than I first realized. If I repeatedly try to auth, I'll get a mix of successes and failures. Disabling the cache in Verify.php (commenting out the cache fetch in getFederatedSignOnCerts) seems to resolve it consistently - I haven't made it fail ever with that disabled. Unfortunately it doesn't look like it's possible to disable caching entirely if I've got stash loaded for other uses in the app (without modifying verify.php). Very odd. |
One more note - if I just curl the URL for certs, I get back different results pretty consistently - sometimes three certs, sometimes four, and different results for different hosts. Is there somewhere that explains what to expect from that from google? |
I'm running into similar issues on 2.0.3. What happens is that |
I'm using 2.0.2 (installed via composer) and am finding that if you don't manually remove /tmp/stash each day, auth fails during verifyIdToken(). I'm not sure what's up - the cache items aren't due for expiration, so it's not just a failure to purge. Anyone else seeing this?
The text was updated successfully, but these errors were encountered: