fix: handle ID token expiry time and premature expiration MONGOSH-2145 MONGOSH-2147 by addaleax · Pull Request #211 · mongodb-js/oidc-plugin

addaleax · 2025-04-11T14:46:16Z

fix: use ID token expiry if `passIdTokenAsAccessToken` is set MONGOSH-2145

fix: do not return token to driver which is being rejected MONGOSH-2147

Ensure that we do not return tokens from a token set that the driver
is currently rejecting (in the sense of calling the OIDC callback
again and referring to it via the driver refreshToken property).

…-2145

Ensure that we do not return tokens from a token set that the driver is currently rejecting (in the sense of calling the OIDC callback again and referring to it via the driver `refreshToken` property).

lerouxb · 2025-04-14T09:59:32Z

src/plugin.ts

+    const tokenSetId = getStableTokenSetId(state.currentTokenSet.set);
+
+    // We would not want to return the access token or ID token of a token set whose
+    // accompanying refresh token was passed to us by


passed to us by what?

Yeah, thanks for pointing this out 😅 Was meant to be the driver, fixed this in 61e6147

fix: use ID token expiry if passIdTokenAsAccessToken is set MONGOSH…

74fbc57

…-2145

github-actions bot added the fix label Apr 11, 2025

addaleax force-pushed the 2147-dev branch from 681fadf to 7ba666c Compare April 11, 2025 14:55

fix: do not return token to driver which is being rejected MONGOSH-2147

b4e59a2

Ensure that we do not return tokens from a token set that the driver is currently rejecting (in the sense of calling the OIDC callback again and referring to it via the driver `refreshToken` property).

addaleax force-pushed the 2147-dev branch from 7ba666c to b4e59a2 Compare April 11, 2025 14:59

fixup: reduce test flakiness

5de0231

addaleax force-pushed the 2147-dev branch from 3d1caa8 to 5de0231 Compare April 11, 2025 16:03

lerouxb approved these changes Apr 14, 2025

View reviewed changes

lerouxb reviewed Apr 14, 2025

View reviewed changes

addaleax added 6 commits April 30, 2025 12:32

fixup: review comment

61e6147

fixup: reduce flakiness by injecting Date.now

157b416

fixup: account for UUID in newer server versions

729d85a

fixup: doh

bae5c14

fixup: broader uuid connectionStatus filter

e997782

fixup: check

bf5fe9e

addaleax merged commit a7534cc into main Apr 30, 2025
11 of 18 checks passed

addaleax deleted the 2147-dev branch April 30, 2025 15:24

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: handle ID token expiry time and premature expiration MONGOSH-2145 MONGOSH-2147#211

fix: handle ID token expiry time and premature expiration MONGOSH-2145 MONGOSH-2147#211
addaleax merged 9 commits intomainfrom
2147-dev

addaleax commented Apr 11, 2025

Uh oh!

lerouxb Apr 14, 2025

Uh oh!

addaleax Apr 30, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

addaleax commented Apr 11, 2025

fix: use ID token expiry if passIdTokenAsAccessToken is set MONGOSH-2145

fix: do not return token to driver which is being rejected MONGOSH-2147

Uh oh!

lerouxb Apr 14, 2025

Choose a reason for hiding this comment

Uh oh!

addaleax Apr 30, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

fix: use ID token expiry if `passIdTokenAsAccessToken` is set MONGOSH-2145