mirror of
https://github.com/minio/minio.git
synced 2024-12-24 22:25:54 -05:00
claim exp should be integer (#13582)
claim exp can be - float64 - json.Number As per OIDC spec https://openid.net/specs/openid-connect-core-1_0.html#IDToken Avoid using strings since the upstream library only supports these two types now.
This commit is contained in:
parent
01b9ff54d9
commit
112f9ae087
@ -287,8 +287,7 @@ func updateClaimsExpiry(dsecs string, claims map[string]interface{}) error {
|
|||||||
defaultExpiryDuration = time.Unix(expAt, 0).UTC().Sub(time.Now().UTC())
|
defaultExpiryDuration = time.Unix(expAt, 0).UTC().Sub(time.Now().UTC())
|
||||||
} // else honor the specified expiry duration.
|
} // else honor the specified expiry duration.
|
||||||
|
|
||||||
expiry := time.Now().UTC().Add(defaultExpiryDuration).Unix()
|
claims["exp"] = time.Now().UTC().Add(defaultExpiryDuration).Unix() // update with new expiry.
|
||||||
claims["exp"] = strconv.FormatInt(expiry, 10) // update with new expiry.
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -19,12 +19,15 @@ package openid
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto"
|
"crypto"
|
||||||
|
"encoding/base64"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"net/url"
|
"net/url"
|
||||||
"sync"
|
"sync"
|
||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
jwtg "github.com/golang-jwt/jwt"
|
||||||
|
jwtm "github.com/minio/minio/internal/jwt"
|
||||||
xnet "github.com/minio/pkg/net"
|
xnet "github.com/minio/pkg/net"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -202,3 +205,28 @@ func TestDefaultExpiryDuration(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestExpCorrect(t *testing.T) {
|
||||||
|
signKey, _ := base64.StdEncoding.DecodeString("NTNv7j0TuYARvmNMmWXo6fKvM4o6nv/aUi9ryX38ZH+L1bkrnD1ObOQ8JAUmHCBq7Iy7otZcyAagBLHVKvvYaIpmMuxmARQ97jUVG16Jkpkp1wXOPsrF9zwew6TpczyHkHgX5EuLg2MeBuiT/qJACs1J0apruOOJCg/gOtkjB4c=")
|
||||||
|
|
||||||
|
claimsMap := jwtm.NewMapClaims()
|
||||||
|
claimsMap.SetExpiry(time.Now().Add(time.Minute))
|
||||||
|
claimsMap.SetAccessKey("test-access")
|
||||||
|
if err := updateClaimsExpiry("3600", claimsMap.MapClaims); err != nil {
|
||||||
|
t.Error(err)
|
||||||
|
}
|
||||||
|
// Build simple toke with updated expiration claim
|
||||||
|
token := jwtg.NewWithClaims(jwtg.SigningMethodHS256, claimsMap)
|
||||||
|
tokenString, err := token.SignedString(signKey)
|
||||||
|
if err != nil {
|
||||||
|
t.Error(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Parse token to be sure it is valid
|
||||||
|
err = jwtm.ParseWithClaims(tokenString, claimsMap, func(*jwtm.MapClaims) ([]byte, error) {
|
||||||
|
return signKey, nil
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
t.Error(err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user