File tree Expand file tree Collapse file tree 3 files changed +42
-3
lines changed Expand file tree Collapse file tree 3 files changed +42
-3
lines changed Original file line number Diff line number Diff line change 11package entraid
22
3+ import "time"
4+
35const (
46 DefaultExpirationRefreshRatio = 0.7
57 DefaultRetryOptionsMaxAttempts = 3
68 DefaultRetryOptionsInitialDelayMs = 1000
79 DefaultRetryOptionsBackoffMultiplier = 2.0
810 DefaultRetryOptionsMaxDelayMs = 10000
9- MinTokenTTL = 60 * 1000 // 1 minute
11+ MinTokenTTL = 5 * time . Minute
1012)
Original file line number Diff line number Diff line change @@ -90,8 +90,8 @@ var defaultIdentityProviderResponseParser IdentityProviderResponseParserFunc = f
9090 switch response .Type () {
9191 case ResponseTypeAuthResult :
9292 authResult := response .AuthResult ()
93- if authResult .ExpiresOn .Before ( time . Now () ) {
94- return nil , fmt .Errorf ("auth result expired or invalid" )
93+ if authResult .ExpiresOn .IsZero ( ) {
94+ return nil , fmt .Errorf ("auth result invalid" )
9595 }
9696 rawToken = authResult .IDToken .RawToken
9797 username = authResult .IDToken .Oid
@@ -130,12 +130,16 @@ var defaultIdentityProviderResponseParser IdentityProviderResponseParserFunc = f
130130 return nil , fmt .Errorf ("unknown response type: %s" , response .Type ())
131131 }
132132
133+ expiresOn = expiresOn .UTC ()
134+
133135 if expiresOn .IsZero () {
134136 return nil , fmt .Errorf ("expires on is zero" )
135137 }
138+
136139 if expiresOn .Before (time .Now ()) {
137140 return nil , fmt .Errorf ("expires on is in the past" )
138141 }
142+
139143 if time .Until (expiresOn ) < MinTokenTTL {
140144 return nil , fmt .Errorf ("expires on is less than minimum token TTL which is %d" , MinTokenTTL )
141145 }
Original file line number Diff line number Diff line change @@ -459,4 +459,37 @@ func TestDefaultIdentityProviderResponseParser(t *testing.T) {
459459 assert .Error (t , err )
460460 assert .Nil (t , token )
461461 })
462+ t .Run ("Default IdentityProviderResponseParser with expired token" , func (t * testing.T ) {
463+ authResult := & public.AuthResult {
464+ ExpiresOn : time .Now ().Add (- time .Hour ).UTC (),
465+ }
466+ idpResponse , err := NewIDPResponse (ResponseTypeAuthResult ,
467+ authResult )
468+ assert .NoError (t , err )
469+ token , err := defaultIdentityProviderResponseParser (idpResponse )
470+ assert .Error (t , err )
471+ assert .Nil (t , token )
472+ })
473+ t .Run ("Default IdentityProviderResponseParser with token that will expire soon" , func (t * testing.T ) {
474+ authResult := & public.AuthResult {
475+ ExpiresOn : time .Now ().Add (MinTokenTTL ).Add (- time .Minute ).UTC (),
476+ }
477+ idpResponse , err := NewIDPResponse (ResponseTypeAuthResult ,
478+ authResult )
479+ assert .NoError (t , err )
480+ token , err := defaultIdentityProviderResponseParser (idpResponse )
481+ assert .Error (t , err )
482+ assert .Nil (t , token )
483+ })
484+ t .Run ("Default IdentityProviderResponseParser with token that expired" , func (t * testing.T ) {
485+ authResult := & public.AuthResult {
486+ ExpiresOn : time .Now ().Add (- time .Hour ).UTC (),
487+ }
488+ idpResponse , err := NewIDPResponse (ResponseTypeAuthResult ,
489+ authResult )
490+ assert .NoError (t , err )
491+ token , err := defaultIdentityProviderResponseParser (idpResponse )
492+ assert .Error (t , err )
493+ assert .Nil (t , token )
494+ })
462495}
You can’t perform that action at this time.
0 commit comments