Skip to content

Commit

Permalink
fix(oauth): add exp to idToken (#20694) (#20903)
Browse files Browse the repository at this point in the history 
(cherry picked from commit e0ed7d3)

Co-authored-by: William Luke <william@atto-byte.com>
  • Loading branch information
@mergify @williamluke4
mergify[bot] and williamluke4 committed May 4, 2023
1 parent e106594 commit 1a8e671
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 0 deletions.
3 changes: 3 additions & 0 deletions frappe/oauth.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -331,6 +331,8 @@ def finalize_id_token(self, id_token, token, token_handler, request):

userinfo = get_userinfo(user)

id_token["exp"] = id_token.get("iat") + token.get("expires_in")

if userinfo.get("iss"):
id_token["iss"] = userinfo.get("iss")

Expand Down Expand Up @@ -363,6 +365,7 @@ def get_authorization_code_scopes(self, client_id, code, redirect_uri, request):

def get_jwt_bearer_token(self, token, token_handler, request):
now = datetime.datetime.now()

id_token = dict(
aud=token.client_id,
iat=round(now.timestamp()),
Expand Down
1 change: 1 addition & 0 deletions frappe/tests/test_oauth20.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -335,6 +335,7 @@ def decode_id_token(self, id_token):
audience=self.client_id,
key=self.client_secret,
algorithms=["HS256"],
options={"verify_signature": True, "require": ["exp", "iat", "aud"]},
)


Expand Down

0 comments on commit 1a8e671

Please sign in to comment.