Check the expiry date for inactive OIDC tokens
sberyozkin committed Mar 13, 2023
1 parent 48032c6 commit f16e383
Showing 1 changed file with 13 additions and 8 deletions.
Expand Up @@ -227,16 +227,10 @@ public TokenIntrospection apply(TokenIntrospection introspectionResult, Throwabl
}
if (!Boolean.TRUE.equals(introspectionResult.getBoolean(OidcConstants.INTROSPECTION_TOKEN_ACTIVE))) {
LOG.debugf("Token issued to client %s is not active", oidcConfig.clientId.get());
verifyTokenExpiry(introspectionResult.getLong(OidcConstants.INTROSPECTION_TOKEN_EXP));
throw new AuthenticationFailedException();
}
if (isTokenExpired(introspectionResult.getLong(OidcConstants.INTROSPECTION_TOKEN_EXP))) {
String error = String.format("Token issued to client %s has expired",
oidcConfig.clientId.get());
LOG.debugf(error);
throw new AuthenticationFailedException(
new InvalidJwtException(error,
List.of(new ErrorCodeValidator.Error(ErrorCodes.EXPIRED, error)), null));
}
verifyTokenExpiry(introspectionResult.getLong(OidcConstants.INTROSPECTION_TOKEN_EXP));
try {
verifyTokenAge(introspectionResult.getLong(OidcConstants.INTROSPECTION_TOKEN_IAT));
} catch (InvalidJwtException ex) {
Expand All @@ -246,6 +240,17 @@ public TokenIntrospection apply(TokenIntrospection introspectionResult, Throwabl
return introspectionResult;
}

private void verifyTokenExpiry(Long exp) {
if (isTokenExpired(exp)) {
String error = String.format("Token issued to client %s has expired",
oidcConfig.clientId.get());
LOG.debugf(error);
throw new AuthenticationFailedException(
new InvalidJwtException(error,
List.of(new ErrorCodeValidator.Error(ErrorCodes.EXPIRED, error)), null));
}
}

});
}
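Review bot: In the new `verifyTokenExpiry` helper the pre-built message is passed to `LOG.debugf(error)` as the format string, so a `%` in the configured client id would be parsed as a format specifier; `LOG.debugf("%s", error)` logs it literally. The helper is now also called in the inactive-token branch, where an introspection response frequently carries only `active: false` and `exp` is then null. `isTokenExpired` is defined outside this section, so confirm it accepts a null `exp` without throwing, and record that on the helper with a one-line comment such as `// exp may be absent for inactive tokens; a null value must not be reported as expired`. No test covering the inactive-and-expired case is visible on this page, and the diffstat lists a single changed file.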
