Skip to content

Commit

Permalink
save sso cache token expiresAt in UTC (#2709)
Browse files Browse the repository at this point in the history
  • Loading branch information
clhuang authored Aug 24, 2024
1 parent 87cea8b commit d7a7f5a
Show file tree
Hide file tree
Showing 5 changed files with 78 additions and 4 deletions.
8 changes: 8 additions & 0 deletions .changelog/ebcf2e12f2ba4d0f9aa44b48b850c41f.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
{
"id": "ebcf2e12-f2ba-4d0f-9aa4-4b48b850c41f",
"type": "bugfix",
"description": "Save SSO cached token expiry in UTC to ensure cross-SDK compatibility.",
"modules": [
"credentials"
]
}
2 changes: 1 addition & 1 deletion credentials/ssocreds/sso_cached_token.go
Original file line number Diff line number Diff line change
Expand Up @@ -225,7 +225,7 @@ func (r *rfc3339) UnmarshalJSON(bytes []byte) (err error) {
}

func (r *rfc3339) MarshalJSON() ([]byte, error) {
value := time.Time(*r).Format(time.RFC3339)
value := time.Time(*r).UTC().Format(time.RFC3339)

// Use JSON unmarshal to unescape the quoted value making use of JSON's
// quoting rules.
Expand Down
41 changes: 39 additions & 2 deletions credentials/ssocreds/sso_cached_token_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,24 @@ func TestLoadCachedToken(t *testing.T) {
},
},
},
"non-utc token": {
filename: filepath.Join("testdata", "non_utc_token.json"),
expectToken: token{
tokenKnownFields: tokenKnownFields{
AccessToken: "dGhpcyBpcyBub3QgYSByZWFsIHZhbHVl",
ExpiresAt: (*rfc3339)(aws.Time(time.Date(2044, 4, 4, 7, 0, 1, 0, time.UTC))),
ClientID: "client id",
ClientSecret: "client secret",
RefreshToken: "refresh token",
},
UnknownFields: map[string]interface{}{
"unknownField": "some value",
"registrationExpiresAt": "2044-04-04T07:00:01Z",
"region": "region",
"startURL": "start URL",
},
},
},
}

for name, c := range cases {
Expand All @@ -120,7 +138,7 @@ func TestLoadCachedToken(t *testing.T) {
t.Fatalf("expect no error, got %v", err)
}

if diff := cmpDiff(c.expectToken, actualToken); diff != "" {
if diff := cmpDiffToken(c.expectToken, actualToken); diff != "" {
t.Errorf("expect tokens match\n%s", diff)
}
})
Expand Down Expand Up @@ -162,6 +180,25 @@ func TestStoreCachedToken(t *testing.T) {
},
},
},
"non-utc token": {
filename: filepath.Join(tempDir, "token_file.json"),
fileMode: 0600,
token: token{
tokenKnownFields: tokenKnownFields{
AccessToken: "dGhpcyBpcyBub3QgYSByZWFsIHZhbHVl",
ExpiresAt: (*rfc3339)(aws.Time(time.Date(2044, 4, 4, 7, 0, 1, 0, time.FixedZone("UTC-8", -8*60*60)))),
ClientID: "client id",
ClientSecret: "client secret",
RefreshToken: "refresh token",
},
UnknownFields: map[string]interface{}{
"unknownField": "some value",
"registrationExpiresAt": "2044-04-04T07:00:01Z",
"region": "region",
"startURL": "start URL",
},
},
},
}

for name, c := range cases {
Expand All @@ -176,7 +213,7 @@ func TestStoreCachedToken(t *testing.T) {
t.Fatalf("failed to load stored token, %v", err)
}

if diff := cmpDiff(c.token, actual); diff != "" {
if diff := cmpDiffToken(c.token, actual); diff != "" {
t.Errorf("expect tokens match\n%s", diff)
}
})
Expand Down
18 changes: 17 additions & 1 deletion credentials/ssocreds/sso_token_provider_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,7 @@ func TestSSOTokenProvider(t *testing.T) {
},
}

if diff := cmpDiff(expect, actual); diff != "" {
if diff := cmpDiffToken(expect, actual); diff != "" {
return fmt.Errorf("expect token file match\n%s", diff)
}
return nil
Expand Down Expand Up @@ -233,3 +233,19 @@ func cmpDiff(e, a interface{}) string {
}
return ""
}

func cmpDiffToken(e token, a token) string {
if !reflect.DeepEqual(e.UnknownFields, a.UnknownFields) {
return fmt.Sprintf("%v != %v", e, a)
}
// treats token times as the same if they are the same in UTC
if time.Time(*e.ExpiresAt).UTC() != time.Time(*a.ExpiresAt).UTC() {
return fmt.Sprintf("%v != %v", e, a)
}
eTokenKnownFields := e.tokenKnownFields
eTokenKnownFields.ExpiresAt = a.tokenKnownFields.ExpiresAt
if !reflect.DeepEqual(eTokenKnownFields, a.tokenKnownFields) {
return fmt.Sprintf("%v != %v", e, a)
}
return ""
}
13 changes: 13 additions & 0 deletions credentials/ssocreds/testdata/non_utc_token.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
{
"accessToken": "dGhpcyBpcyBub3QgYSByZWFsIHZhbHVl",
"expiresAt": "2044-04-04T00:00:01-07:00",

"refreshToken": "refresh token",
"clientId": "client id",
"clientSecret": "client secret",

"unknownField": "some value",
"region": "region",
"registrationExpiresAt": "2044-04-04T07:00:01Z",
"startURL": "start URL"
}

0 comments on commit d7a7f5a

Please sign in to comment.