cater for 0 from oidc_session_get_access_token_expires

as this is the default value when not found in the session Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
OpenIDC · Mar 1, 2024 · 8a3d71e · 8a3d71e
1 parent fff609e
commit 8a3d71e
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/src/handle/refresh.c b/src/handle/refresh.c
@@ -393,7 +393,7 @@ apr_byte_t oidc_refresh_access_token_before_expiry(request_rec *r, oidc_cfg *cfg
 		return TRUE;
 
 	t_expires = oidc_session_get_access_token_expires(r, session);
-	if (t_expires == -1) {
+	if (t_expires <= 0) {
 		oidc_debug(r, "no access token expires_in stored in the session (i.e. returned from in the "
 			      "authorization response), so cannot refresh the access token based on TTL requirement");
 		return FALSE;

diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c
@@ -904,7 +904,7 @@ static apr_byte_t oidc_userinfo_create_signed_jwt(request_rec *r, oidc_cfg *cfg,
 		access_token_expires = oidc_session_get_access_token_expires(r, session);
 		json_object_set_new(
 		    jwt->payload.value.json, OIDC_CLAIM_EXP,
-		    json_integer(access_token_expires != -1
+		    json_integer(access_token_expires > 0
 				     ? access_token_expires
 				     : apr_time_sec(apr_time_now()) + OIDC_USERINFO_SIGNED_JWT_EXPIRE_DEFAULT));
 	}