Returns the oauth access token "expires at" date
- in case the server did return it

Fixes: SE-13502
mkeckmkeck committed Sep 4, 2024
1 parent 3b0f08b commit ff79afc
Showing 1 changed file with 11 additions and 8 deletions.
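--- a/src/main/java/sirius/web/security/oauth/ReceivedTokens.java
+++ b/src/main/java/sirius/web/security/oauth/ReceivedTokens.java
@@ -22,10 +22,12 @@
 * @param accessToken the access token received from the authorization server
 * @param refreshToken the refresh token received from the authorization server
 * @param type the type of the tokens received from the authorization server, e.g. "Bearer" or "MAC"
+* @param accessTokenExpiresAt the date at which the access token expires, might be null if the server response
+* contains no information
 * @param refreshTokenExpiresAt the date at which the refresh token expires, might be estimated if no JWT bearer
 * token is given
 */
-public record ReceivedTokens(String accessToken, String refreshToken, String type,
+public record ReceivedTokens(String accessToken, String refreshToken, String type, LocalDateTime accessTokenExpiresAt,
 LocalDateTime refreshTokenExpiresAt) {
 
 private static final long TWO_DAYS_IN_SECONDS = 2 * 24 * 60 * 60L;
@@ -41,26 +43,27 @@ public static ReceivedTokens fromJson(ObjectNode response) {
 String accessToken = response.required(OAuth.ACCESS_TOKEN).asText("");
 String refreshToken = response.required(OAuth.REFRESH_TOKEN).asText("");
 String type = response.required(OAuth.TOKEN_TYPE).asText("");
+long accessTokenExpiresIn = response.path(OAuth.EXPIRES_IN).asLong(0L);
+LocalDateTime accessTokenExpiresAt = LocalDateTime.now().plusSeconds(accessTokenExpiresIn);
 if (OAuth.TOKEN_TYPE_BEARER.equalsIgnoreCase(type)) {
 try {
 // Try to read the exact refresh token expiration date from the JWT token itself
 LocalDateTime refreshTokenExpiresAt =
 JWT.decode(refreshToken).getExpiresAtAsInstant().atZone(ZoneOffset.UTC).toLocalDateTime();
-return new ReceivedTokens(accessToken, refreshToken, type, refreshTokenExpiresAt);
+return new ReceivedTokens(accessToken, refreshToken, type, accessTokenExpiresAt, refreshTokenExpiresAt);
 } catch (JWTDecodeException exception) {
 // No valid JWT, fall back to implementation from OAuth expires_in or the default value
 }
 }
 
-// Check if the 'expires in' field, actually meant for the access token, is better than our default tomorrow.
-long expiresIn = response.path(OAuth.EXPIRES_IN).asLong(0L);
-if (expiresIn > TWO_DAYS_IN_SECONDS) {
-LocalDateTime expiresDate = LocalDateTime.now().plusSeconds(expiresIn);
-return new ReceivedTokens(accessToken, refreshToken, type, expiresDate);
+// Check if the 'expires in' field, actually meant for the access token, is better than our refresh token
+// default expires value tomorrow.
+if (accessTokenExpiresIn > TWO_DAYS_IN_SECONDS) {
+return new ReceivedTokens(accessToken, refreshToken, type, accessTokenExpiresAt, accessTokenExpiresAt);
 }
 
 // Use default value tomorrow, we expect a refresh token to be valid at least for one more day
 LocalDateTime expiresDate = LocalDateTime.now().plusDays(MINIMUM_REFRESH_EXPIRES_DAYS);
-return new ReceivedTokens(accessToken, refreshToken, type, expiresDate);
+return new ReceivedTokens(accessToken, refreshToken, type, accessTokenExpiresAt, expiresDate);
 }
 }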
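Review bot: In the second hunk, `accessTokenExpiresAt` is computed unconditionally from `asLong(0L)`, so a response without `expires_in` yields a token that reads as expiring at the moment of parsing rather than the `null` the new Javadoc promises; callers cannot tell an unknown lifetime from an already expired token. Either make the code match the Javadoc, e.g. `LocalDateTime accessTokenExpiresAt = accessTokenExpiresIn > 0 ? LocalDateTime.now().plusSeconds(accessTokenExpiresIn) : null;`, or change the Javadoc to describe the actual fallback. This value is also taken in the JVM's default zone while the JWT-derived `refreshTokenExpiresAt` is converted at `ZoneOffset.UTC`, so the two fields of one record are only comparable when the JVM runs in UTC. The body of `fromJson` starts above the hunk, so any earlier validation of the response is not visible here.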
