Fixes accessTokenExpiresAt default value
- as per RFC the containing field is optional
- the accessTokenExpiresAt is not strictly required by our implementations as well
- so make it null in case it cannot be determined from server response

Fixes: SE-13502
mkeck committed Sep 4, 2024
1 parent ff79afc commit 3f6ad00
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion src/main/java/sirius/web/security/oauth/ReceivedTokens.java
Expand Up @@ -44,7 +44,8 @@ public static ReceivedTokens fromJson(ObjectNode response) {
String refreshToken = response.required(OAuth.REFRESH_TOKEN).asText("");
String type = response.required(OAuth.TOKEN_TYPE).asText("");
long accessTokenExpiresIn = response.path(OAuth.EXPIRES_IN).asLong(0L);
LocalDateTime accessTokenExpiresAt = LocalDateTime.now().plusSeconds(accessTokenExpiresIn);
LocalDateTime accessTokenExpiresAt =
accessTokenExpiresIn > 0 ? LocalDateTime.now().plusSeconds(accessTokenExpiresIn) : null;
if (OAuth.TOKEN_TYPE_BEARER.equalsIgnoreCase(type)) {
try {
// Try to read the exact refresh token expiration date from the JWT token itself
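
Review bot: The null result of the new ternary assigned to `accessTokenExpiresAt` is an undocumented contract change for every consumer of this value. Please add a comment here (and on the corresponding field or getter) stating that null means "expiry unknown", and confirm that any expiry check treats null conservatively rather than as "never expires", since a missing `expires_in` should not turn a bearer token into one that is considered valid indefinitely. Note also that `accessTokenExpiresIn > 0` folds an explicit `expires_in` of 0 or a negative value into the same null case: previously those produced a timestamp at or before now (already expired), now they read as unknown. If that is intended, say so in the comment; if not, distinguish a missing field (for example via `response.path(OAuth.EXPIRES_IN).isMissingNode()`) from a non-positive one.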
