Fix how to compute timeout for communication with ad

src/main/java/com/authlete/jaxrs/server/ServerConfig.java

@@ -44,6 +44,7 @@ public class ServerConfig
  private static final String AUTHLETE_AD_ASYNC_READ_TIMEOUT_KEY = "authlete.ad.async.read_timeout";
  private static final String AUTHLETE_AD_POLL_CONNECT_TIMEOUT_KEY = "authlete.ad.poll.connect_timeout";
  private static final String AUTHLETE_AD_POLL_READ_TIMEOUT_KEY = "authlete.ad.poll.read_timeout";
+ private static final String AUTHLETE_AD_AUTH_TIMEOUT_RATIO_KEY = "authlete.ad.auth_timeout_ratio";
 
 
  /**
@@ -56,6 +57,7 @@ public class ServerConfig
  private static final int DEFAULT_AUTHLETE_AD_ASYNC_READ_TIMEOUT = 10000; // 10000 milliseconds.
  private static final int DEFAULT_AUTHLETE_AD_POLL_CONNECT_TIMEOUT = 10000; // 10000 milliseconds.
  private static final int DEFAULT_AUTHLETE_AD_POLL_READ_TIMEOUT = 10000; // 10000 milliseconds.
+ private static final float DEFALUT_AUTHLETE_AD_AUTH_TIMEOUT_RATIO = 0.8f;
 
 
  /**
@@ -69,6 +71,7 @@ public class ServerConfig
  private static final int AUTHLETE_AD_ASYNC_READ_TIMEOUT = sProperties.getInt(AUTHLETE_AD_ASYNC_READ_TIMEOUT_KEY, DEFAULT_AUTHLETE_AD_ASYNC_READ_TIMEOUT);
  private static final int AUTHLETE_AD_POLL_CONNECT_TIMEOUT = sProperties.getInt(AUTHLETE_AD_POLL_CONNECT_TIMEOUT_KEY, DEFAULT_AUTHLETE_AD_POLL_CONNECT_TIMEOUT);
  private static final int AUTHLETE_AD_POLL_READ_TIMEOUT = sProperties.getInt(AUTHLETE_AD_POLL_READ_TIMEOUT_KEY, DEFAULT_AUTHLETE_AD_POLL_READ_TIMEOUT);
+ private static final float AUTHLETE_AD_AUTH_TIMEOUT_RATIO = sProperties.getFloat(AUTHLETE_AD_AUTH_TIMEOUT_RATIO_KEY, DEFALUT_AUTHLETE_AD_AUTH_TIMEOUT_RATIO);
 
 
  /**
@@ -142,7 +145,8 @@ public static int getAuthleteAdSyncConnectTimeout()
  * (read timeout) = (the duration of an <code>'auth_req_id'</code> in milliseconds) + (the value returned by this method)
  * </p>
  *
- * For more details, see the implementation of {@link com.authlete.jaxrs.server.ad.AuthenticationDevice
+ * For more details, see {@link com.authlete.jaxrs.server.ad.AuthenticationDevice#syncAuth(String, String, int, String)
+ * syncAuth} method in {@link com.authlete.jaxrs.server.ad.AuthenticationDevice
  * AuthenticationDevice}.
  *
  * @return
@@ -250,4 +254,37 @@ public static int getAuthleteAdPollReadTimeout()
  {
  return AUTHLETE_AD_POLL_READ_TIMEOUT;
  }
+
+
+ /**
+ * Get the ratio of timeout for end-user authentication/authorization on the
+ * authentication device (<a href="https://cibasim.authlete.com">Authlete CIBA
+ * authentication device simulator</a>) to the duration of an <code>'auth_req_id'</code>.
+ * Must be specified between 0.0 and 1.0.
+ *
+ * <p>
+ * This value is used to compute the timeout value based on the duration of
+ * an <code>'auth_req_id'</code> as below.
+ * </p>
+ *
+ * <p style="border: solid 1px black; padding: 0.5em;">
+ * (timeout in seconds) = (the value returned by this method) * (the duration of an <code>'auth_req_id'</code> in seconds)
+ * </p>
+ *
+ * For more details, see {@link com.authlete.jaxrs.server.api.backchannel.BaseAuthenticationDeviceProcessor#computeAuthTimeout
+ * computeAuthTimeout()} method in {@link com.authlete.jaxrs.server.api.backchannel.BaseAuthenticationDeviceProcessor
+ * BaseAuthenticationDeviceProcessor}.
+ *
+ * @return
+ * The ratio of timeout for end-user authentication/authorization on
+ * the authentication device (<a href="https://cibasim.authlete.com">Authlete
+ * CIBA authentication device simulator</a>) to the duration
+ * of an <code>'auth_req_id'</code>.
+ *
+ * @see <a href="https://cibasim.authlete.com">Authlete CIBA authentication device simulator</a>
+ */
+ public static float getAuthleteAdAuthTimeoutRatio()
+ {
+ return AUTHLETE_AD_AUTH_TIMEOUT_RATIO;
+ }
 }

src/main/java/com/authlete/jaxrs/server/ad/AuthenticationDevice.java

@@ -50,8 +50,8 @@ public class AuthenticationDevice
  * by <a href="https://app.swaggerhub.com/apis-docs/Authlete/cibasim">Authlete
  * CIBA authentication device simulator API</a>.
  */
- public static final int AUTHENTICATION_TIMEOUT_MIN = 5;
- public static final int AUTHENTICATION_TIMEOUT_MAX = 60;
+ public static final int AUTH_TIMEOUT_MIN = 5;
+ public static final int AUTH_TIMEOUT_MAX = 60;
 
 
  /**

src/main/java/com/authlete/jaxrs/server/api/backchannel/BaseAuthenticationDeviceProcessor.java

@@ -26,6 +26,7 @@
 import com.authlete.common.dto.BackchannelAuthenticationCompleteRequest.Result;
 import com.authlete.common.types.User;
 import com.authlete.jaxrs.BackchannelAuthenticationCompleteRequestHandler;
+import com.authlete.jaxrs.server.ServerConfig;
 import com.authlete.jaxrs.server.ad.AuthenticationDevice;
 
 
@@ -47,6 +48,13 @@
  */
 public abstract class BaseAuthenticationDeviceProcessor implements AuthenticationDeviceProcessor
 {
+ /**
+ * The ratio of timeout for end-user authentication/authorization on the authentication
+ * device to the duration of an 'auth_req_id'
+ */
+ private static final float AUTH_TIMEOUT_RATIO = ServerConfig.getAuthleteAdAuthTimeoutRatio();
+
+
  protected final String mTicket;
  protected final User mUser;
  protected final String mClientName;
@@ -343,32 +351,34 @@ protected int computeAuthTimeout()
  // for end-user authentication/authorization should be shorter than the
  // duration of the 'auth_req_id'.
 
- // If the duration of the 'auth_req_id' is shorter than the minimum value
- // of the timeout.
- if (mExpiresIn < AuthenticationDevice.AUTHENTICATION_TIMEOUT_MIN)
+ // First, compute the value of the timeout based on the duration of the
+ // 'auth_req_id'.
+ int authTimeout = (int)(AUTH_TIMEOUT_RATIO * mExpiresIn);
+
+ // If the computed timeout is shorter than the minimum value of the timeout.
+ if (authTimeout < AuthenticationDevice.AUTH_TIMEOUT_MIN)
  {
- // In this case, the duration of the 'auth_req_id' is too short. Then,
- // end-user authentication/authorization cannot be done before the
- // 'auth_req_id' expires.
+ // In this case, the computed timeout value is too short to perform
+ // end-user authentication/authorization on the authentication device.
 
  // TODO: For now, we throw an exception here but there might be better
  // ways for this case.
  throw new IllegalStateException(
- "End-user authentication/authorization cannot be done before the 'auth_req_id' expires " +
- "because the duratin of the 'auth_req_id' is too short.");
+ "The timeout for end-user authentication/authorization on the " +
+ "authentication device was computed based on the duration of " +
+ "the 'auth_req_id' but the computed timeout value is shorter " +
+ "than the allowed minimum value.");
  }
 
- // If the duration of the 'auth_req_id' is larger than the maximum value
- // of the timeout.
- if (AuthenticationDevice.AUTHENTICATION_TIMEOUT_MAX < mExpiresIn)
+ // If the computed timeout value is larger than the maximum value of the
+ // timeout.
+ if (AuthenticationDevice.AUTH_TIMEOUT_MAX < authTimeout)
  {
  // Use the maximum value.
- return AuthenticationDevice.AUTHENTICATION_TIMEOUT_MAX;
+ return AuthenticationDevice.AUTH_TIMEOUT_MAX;
  }
 
- // The duration of the 'auth_req_id' is in a range from the minimum value
- // to the maximum value, then just use the duration as the value of timeout.
- return mExpiresIn;
+ return authTimeout;
  }