Skip to content
This repository was archived by the owner on Jun 23, 2023. It is now read-only.

Make id token lifetime configurable #77

Merged
merged 1 commit into from
Jun 1, 2021
Merged

Make id token lifetime configurable #77

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 2 additions & 3 deletions src/oidcop/token/id_token.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,6 @@
"client_secret_jwt": "HS256",
"private_key_jwt": "RS256",
}
DEF_LIFETIME = 300


def include_session_id(endpoint_context, client_id, where):
Expand Down Expand Up @@ -241,7 +240,7 @@ def sign_encrypt(
)

if lifetime is None:
lifetime = DEF_LIFETIME
lifetime = self.lifetime

_jwt = JWT(_context.keyjar, iss=_context.issuer, lifetime=lifetime, **alg_dict)

Expand All @@ -261,7 +260,7 @@ def __call__(self, session_id: Optional[str] = "", ttype: Optional[str] = "", **
else:
xargs = {}

lifetime = self.kwargs.get("lifetime")
lifetime = self.lifetime

# Weed out stuff that doesn't belong here
kwargs = {k: v for k, v in kwargs.items() if k in ["encrypt", "code", "access_token"]}
Expand Down
35 changes: 34 additions & 1 deletion tests/test_05_id_token.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ def full_path(local_file):

USERS = json.loads(open(full_path("users.json")).read())
USERINFO = UserInfo(USERS)
LIFETIME = 200

AREQ = AuthorizationRequest(
response_type="code",
Expand Down Expand Up @@ -91,7 +92,8 @@ def full_path(local_file):
"base_claims": {
"email": {"essential": True},
"email_verified": {"essential": True},
}
},
"lifetime": LIFETIME,
},
},
},
Expand Down Expand Up @@ -397,6 +399,37 @@ def test_available_claims(self):
res = _jwt.unpack(id_token.value)
assert "nickname" in res

def test_lifetime_default(self):
session_id = self._create_session(AREQ)
grant = self.session_manager[session_id]

id_token = self._mint_id_token(grant, session_id)

client_keyjar = KeyJar()
_jwks = self.endpoint_context.keyjar.export_jwks()
client_keyjar.import_jwks(_jwks, self.endpoint_context.issuer)
_jwt = JWT(key_jar=client_keyjar, iss="client_1")
res = _jwt.unpack(id_token.value)

assert res["exp"] - res["iat"] == LIFETIME

def test_lifetime(self):
lifetime = 100

self.session_manager.token_handler["id_token"].lifetime = lifetime
session_id = self._create_session(AREQ)
grant = self.session_manager[session_id]

id_token = self._mint_id_token(grant, session_id)

client_keyjar = KeyJar()
_jwks = self.endpoint_context.keyjar.export_jwks()
client_keyjar.import_jwks(_jwks, self.endpoint_context.issuer)
_jwt = JWT(key_jar=client_keyjar, iss="client_1")
res = _jwt.unpack(id_token.value)

assert res["exp"] - res["iat"] == lifetime

def test_no_available_claims(self):
session_id = self._create_session(AREQ)
grant = self.session_manager[session_id]
Expand Down