[SDK-3352] Expire credentials based on access token alone #572

Merged
merged 5 commits into from
Jun 20, 2022

adamjmcgrath
Contributor

Changes

The exp claim on the ID token is for validating the token claims when the ID token is processed, not for setting the duration of the session.

References

https://openid.net/specs/openid-connect-core-1_0.html#IDToken:~:text=exp-,REQUIRED.%20Expiration%20time%20on%20or%20after%20which%20the%20ID%20Token%20MUST,iat,-REQUIRED.%20Time%20at

Testing

Please describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. Since this library has unit testing, tests should be added for new functionality and existing tests should complete without errors.

  • This change adds unit test coverage

  • This change adds integration test coverage

  • This change has been tested on the latest version of the platform/language or why not

Checklist

@adamjmcgrath adamjmcgrath requested a review from a team as a code owner June 15, 2022 14:15
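
An added sketch (not code from this pull request or the SDK) of the distinction the description draws: the ID token's `exp` is checked once while the token is processed, and stored-credential expiry is then decided from the access token alone. All names, the 60-second leeway and the sample times are assumptions; the policy capped by the ID token is included only for contrast.

```kotlin
import java.time.Instant

// Hypothetical stored-credential shape; not the SDK's Credentials class.
data class StoredCredentials(
    val accessTokenExpiresAt: Instant,  // derived from the token response's expires_in
    val idTokenExp: Instant             // `exp` claim of the ID token
)

// At login or renewal: `exp` is checked while the ID token's claims are
// validated. An already-expired ID token is rejected here and never stored.
// The leeway value is an assumption for clock skew.
fun validateIdTokenAtReceipt(idTokenExp: Instant, now: Instant, leewaySeconds: Long = 60) {
    require(now.isBefore(idTokenExp.plusSeconds(leewaySeconds))) {
        "ID token expired at $idTokenExp (now: $now)"
    }
}

// Contrast policy (assumed for illustration): the session is also capped
// at the ID token's `exp`, so a short-lived ID token ends the session early.
fun isValidCappedByIdToken(c: StoredCredentials, now: Instant): Boolean =
    now.isBefore(minOf(c.accessTokenExpiresAt, c.idTokenExp))

// Policy matching the PR title: expiry depends on the access token alone.
fun isValidByAccessTokenAlone(c: StoredCredentials, now: Instant): Boolean =
    now.isBefore(c.accessTokenExpiresAt)

fun main() {
    // Constructed sample: 24 h access token, 1 h ID token.
    val issued = Instant.parse("2022-06-15T14:00:00Z")
    val creds = StoredCredentials(
        accessTokenExpiresAt = issued.plusSeconds(86_400),
        idTokenExp = issued.plusSeconds(3_600)
    )
    validateIdTokenAtReceipt(creds.idTokenExp, now = issued)

    // Two hours in, the ID token's `exp` has passed but the access token
    // has not expired; only the capped policy treats the session as over.
    val twoHoursLater = issued.plusSeconds(7_200)
    println("capped by ID token: ${isValidCappedByIdToken(creds, twoHoursLater)}")
    println("access token alone: ${isValidByAccessTokenAlone(creds, twoHoursLater)}")
}
```
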
@@ -1080,13 +1080,6 @@ public class SecureCredentialsManagerTest {
MatcherAssert.assertThat(manager.hasValidCredentials(), Is.`is`(true))
}

@Test
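
Review bot: The hunk header (-1080,13 +1080,6) shows seven lines dropped from SecureCredentialsManagerTest in this region, next to the hasValidCredentials() assertion, with no added lines visible in their place. If the deleted case exercised behaviour that no longer exists, consider adding a test for the rule that replaces it, for example that hasValidCredentials() stays true when the stored ID token's exp has passed but the access token has not expired, so the new expiry rule is pinned by a test rather than only by the absence of the old one.
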
Contributor Author

There's no logic in hasValidCredentials that checks if the AT and IdT are missing

@poovamraj poovamraj merged commit 5727a1a into vNext Jun 20, 2022
@poovamraj poovamraj added this to the v2-Next milestone Jun 22, 2022
@frederikprijck frederikprijck mentioned this pull request Jul 5, 2022
@poovamraj poovamraj deleted the creds-expiry branch July 18, 2023 10:41