Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rate limit third_party_auth/login requests #246

Open
5 tasks
dianakhuang opened this issue Mar 21, 2023 · 0 comments
Open
5 tasks

Rate limit third_party_auth/login requests #246

dianakhuang opened this issue Mar 21, 2023 · 0 comments

Comments

@dianakhuang
Copy link
Member

dianakhuang commented Mar 21, 2023
edited by robrap
Loading

As part of our investigation into #154, we discovered that the deadlock issue may be caused by the mobile app misbehaving and sending so many login requests in a short period of time that it creates lock contention on the user table.

There is mobile team work to reduce the frequency that mobile logins occur at, but we will want to add throttling to these endpoints in order to prevent any requests from hammering our login endpoint.

See https://github.com/openedx/edx-platform/blob/master/docs/decisions/0009_simplify_ratelimiting.rst for the proper way to add rate limiting.

Acceptance Criteria:

  • Provide early warning to mobile that this is being picked up.
  • Determine the specific mobile endpoint that requires rate limiting (the one with the issue).
  • Investigate throttling of the third party auth endpoints to determine if ADR decisions can be applied.
  • Depending on the complexity of the solution, either create a new ticket for the remaining work or implement throttling our third_party_auth endpoints (even those that are defined in social_django and not in edx-platform).
    • Work with mobile team on testing to ensure we don't break anything.
@dianakhuang dianakhuang converted this from a draft issue Mar 21, 2023
@robrap robrap mentioned this issue Mar 21, 2023
Open
1 task
@dianakhuang dianakhuang moved this to Todo in Arch-BOM Mar 22, 2023
@robrap robrap changed the title Throttle third_party_auth/login requests Rate limit third_party_auth/login requests Apr 21, 2023
@robrap robrap moved this from Prioritized to Groomed in Arch-BOM Apr 25, 2023
@dianakhuang dianakhuang self-assigned this Apr 25, 2023
@dianakhuang dianakhuang moved this from Groomed to In Progress in Arch-BOM Apr 25, 2023
@dianakhuang dianakhuang removed their assignment May 1, 2023
@dianakhuang dianakhuang moved this from In Progress to Prioritized in Arch-BOM May 1, 2023
@robrap robrap moved this from Prioritized to Groomed in Arch-BOM May 1, 2023
@jmbowman jmbowman moved this from Groomed to On-Call in Arch-BOM Jul 20, 2023
@jristau1984 jristau1984 removed the status in Arch-BOM Jul 1, 2024
@jristau1984 jristau1984 moved this to Backlog in Arch-BOM Jul 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
Arch-BOM
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dianakhuang @jristau1984