APIProvider fails to authorize requests 25 minutes after sending the first request

[abdulowork]

How to reproduce:

1. Create an APIProvider and call any request.
2. Sleep for 25 minutes and call another request.

Why it happens:

APIProvider holds a reference to JWTRequestsAuthenticator instance that manages requests authorization.

appstoreconnect-swift-sdk/Sources/APIProvider.swift

Line 104 in 58ab933

private lazy var requestsAuthenticator = JWTRequestsAuthenticator(apiConfiguration: self.configuration)

When JWTRequestsAuthenticator is instantiated it instantiates a JWT object that in turn creates a payload set with an expirationTime = Date().addingTimeInterval(expireDuration).timeIntervalSince1970.

appstoreconnect-swift-sdk/Sources/JWT/JWTRequestsAuthenticator.swift

Line 21 in 58ab933

self.jwtCreator = JWT(keyIdentifier: apiConfiguration.privateKeyID, issuerIdentifier: apiConfiguration.issuerID, expireDuration: 60 * 20)

appstoreconnect-swift-sdk/Sources/JWT/JWT.swift

Lines 97 to 99 in 58ab933

	public init(keyIdentifier: String, issuerIdentifier: String, expireDuration: TimeInterval, baseDate: Date = Date()) {
	header = Header(keyIdentifier: keyIdentifier)
	payload = Payload(issuerIdentifier: issuerIdentifier, expirationTime: baseDate.addingTimeInterval(expireDuration).timeIntervalSince1970)

The expirationTime is thus constant. When JWTRequestsAuthenticator renews the cachedToken, the new token is created with the original expirationTime which makes the jwt token invalid.

[github-actions]

This issue is stale because it has been open for 30 days with no activity. Remove the Stale label or comment or this will be closed in 10 days.

[jordibruin]

@AvdLee was this fixed?