mirror of
https://github.com/minio/minio.git
synced 2025-01-12 07:23:23 -05:00
claim exp should be integer (#13582)
claim exp can be - float64 - json.Number As per OIDC spec https://openid.net/specs/openid-connect-core-1_0.html#IDToken Avoid using strings since the upstream library only supports these two types now.
This commit is contained in:
parent
01b9ff54d9
commit
112f9ae087
@ -287,8 +287,7 @@ func updateClaimsExpiry(dsecs string, claims map[string]interface{}) error {
|
||||
defaultExpiryDuration = time.Unix(expAt, 0).UTC().Sub(time.Now().UTC())
|
||||
} // else honor the specified expiry duration.
|
||||
|
||||
expiry := time.Now().UTC().Add(defaultExpiryDuration).Unix()
|
||||
claims["exp"] = strconv.FormatInt(expiry, 10) // update with new expiry.
|
||||
claims["exp"] = time.Now().UTC().Add(defaultExpiryDuration).Unix() // update with new expiry.
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -19,12 +19,15 @@ package openid
|
||||
|
||||
import (
|
||||
"crypto"
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"net/url"
|
||||
"sync"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
jwtg "github.com/golang-jwt/jwt"
|
||||
jwtm "github.com/minio/minio/internal/jwt"
|
||||
xnet "github.com/minio/pkg/net"
|
||||
)
|
||||
|
||||
@ -202,3 +205,28 @@ func TestDefaultExpiryDuration(t *testing.T) {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestExpCorrect(t *testing.T) {
|
||||
signKey, _ := base64.StdEncoding.DecodeString("NTNv7j0TuYARvmNMmWXo6fKvM4o6nv/aUi9ryX38ZH+L1bkrnD1ObOQ8JAUmHCBq7Iy7otZcyAagBLHVKvvYaIpmMuxmARQ97jUVG16Jkpkp1wXOPsrF9zwew6TpczyHkHgX5EuLg2MeBuiT/qJACs1J0apruOOJCg/gOtkjB4c=")
|
||||
|
||||
claimsMap := jwtm.NewMapClaims()
|
||||
claimsMap.SetExpiry(time.Now().Add(time.Minute))
|
||||
claimsMap.SetAccessKey("test-access")
|
||||
if err := updateClaimsExpiry("3600", claimsMap.MapClaims); err != nil {
|
||||
t.Error(err)
|
||||
}
|
||||
// Build simple toke with updated expiration claim
|
||||
token := jwtg.NewWithClaims(jwtg.SigningMethodHS256, claimsMap)
|
||||
tokenString, err := token.SignedString(signKey)
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
}
|
||||
|
||||
// Parse token to be sure it is valid
|
||||
err = jwtm.ParseWithClaims(tokenString, claimsMap, func(*jwtm.MapClaims) ([]byte, error) {
|
||||
return signKey, nil
|
||||
})
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user