Skip to content

Commit

Permalink
update minTTL condition to apply only for access tokens
Browse files Browse the repository at this point in the history
  • Loading branch information
@lbalmaceda
lbalmaceda committed Oct 29, 2020
1 parent d889a6e commit 460a9dc
Showing 1 changed file with 15 additions and 9 deletions.
24 changes: 15 additions & 9 deletions auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ public void saveCredentials(@NonNull Credentials credentials) {
throw new CredentialsManagerException("Credentials must have a valid date of expiration and a valid access_token or id_token value.");
}

long expiresAt = calculateExpiresAt(credentials);
long expiresAt = calculateCacheExpiresAt(credentials);

storage.store(KEY_ACCESS_TOKEN, credentials.getAccessToken());
storage.store(KEY_REFRESH_TOKEN, credentials.getRefreshToken());
Expand Down Expand Up @@ -103,7 +103,7 @@ public void getCredentials(@NonNull BaseCallback<Credentials, CredentialsManager
* or if the tokens have already expired and the refresh_token is null.
*
* @param scope the scope to request for the access token. If null is passed, the previous scope will be kept.
* @param minTtl the minimum time in seconds that both the access token and id token should last before expiration.
* @param minTtl the minimum time in seconds that the access token should last before expiration.
* @param callback the callback that will receive a valid {@link Credentials} or the {@link CredentialsManagerException}.
*/
public void getCredentials(@Nullable String scope, final int minTtl, @NonNull final BaseCallback<Credentials, CredentialsManagerException> callback) {
Expand All @@ -124,10 +124,11 @@ public void getCredentials(@Nullable String scope, final int minTtl, @NonNull fi
return;
}

boolean willExpire = willExpire(cacheExpiresAt, minTtl);
boolean hasEitherExpired = hasExpired(cacheExpiresAt);
boolean willAccessTokenExpire = willExpire(expiresAt, minTtl);
boolean scopeChanged = hasScopeChanged(storedScope, scope);

if (!willExpire && !scopeChanged) {
if (!hasEitherExpired && !willAccessTokenExpire && !scopeChanged) {
callback.onSuccess(recreateCredentials(idToken, accessToken, tokenType, refreshToken, new Date(expiresAt), storedScope));
return;
}
Expand All @@ -143,10 +144,11 @@ public void getCredentials(@Nullable String scope, final int minTtl, @NonNull fi
request.start(new AuthenticationCallback<Credentials>() {
@Override
public void onSuccess(@Nullable Credentials fresh) {
long nextCacheExpiresAt = calculateExpiresAt(fresh);
boolean willExpire = willExpire(nextCacheExpiresAt, minTtl);
if (willExpire) {
long tokenLifetime = (nextCacheExpiresAt - getCurrentTimeInMillis() - minTtl * 1000) / -1000;
//noinspection ConstantConditions
long expiresAt = fresh.getExpiresAt().getTime();
boolean willAccessTokenExpire = willExpire(expiresAt, minTtl);
if (willAccessTokenExpire) {
long tokenLifetime = (expiresAt - getCurrentTimeInMillis() - minTtl * 1000) / -1000;
CredentialsManagerException wrongTtlException = new CredentialsManagerException(String.format("The lifetime of the renewed Access Token or Id Token (%d) is less than the minTTL requested (%d). Increase the 'Token Expiration' setting of your Auth0 API or the 'ID Token Expiration' of your Auth0 Application in the dashboard, or request a lower minTTL.", tokenLifetime, minTtl));
callback.onFailure(wrongTtlException);
return;
Expand Down Expand Up @@ -183,7 +185,11 @@ private boolean willExpire(long expiresAt, long minTtl) {
return expiresAt <= nextClock;
}

private long calculateExpiresAt(@NonNull Credentials credentials) {
private boolean hasExpired(long expiresAt) {
return expiresAt <= getCurrentTimeInMillis();
}

private long calculateCacheExpiresAt(@NonNull Credentials credentials) {
long expiresAt = credentials.getExpiresAt().getTime();

if (credentials.getIdToken() != null) {
Expand Down

0 comments on commit 460a9dc

Please sign in to comment.