Pass only proxyConfig to getRefreshedToken

gogatekeeper · Feb 3, 2021 · 2d7d94f · 2d7d94f
1 parent 4aca380
commit 2d7d94f
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 5 deletions.
diff --git a/forwarding.go b/forwarding.go
@@ -185,7 +185,7 @@ func (r *oauthProxy) forwardProxyHandler() func(*http.Request, *http.Response) {
 						zap.String("expires", state.expiration.Format(time.RFC3339)))
 
 					// step: attempt to refresh the access
-					token, rawToken, newRefreshToken, expiration, _, err := getRefreshedToken(conf, r, state.refresh)
+					token, rawToken, newRefreshToken, expiration, _, err := getRefreshedToken(conf, r.config, state.refresh)
 					state.rawToken = rawToken
 					if err != nil {
 						state.login = true

diff --git a/middleware.go b/middleware.go
@@ -251,7 +251,7 @@ func (r *oauthProxy) authenticationMiddleware() func(http.Handler) http.Handler
 					// exp: expiration of the access token
 					// expiresIn: expiration of the ID token
 					conf := r.newOAuth2Config(r.config.RedirectionURL)
-					_, newRawAccToken, newRefreshToken, accessExpiresAt, refreshExpiresIn, err := getRefreshedToken(conf, r, refresh)
+					_, newRawAccToken, newRefreshToken, accessExpiresAt, refreshExpiresIn, err := getRefreshedToken(conf, r.config, refresh)
 					if err != nil {
 						switch err {
 						case ErrRefreshTokenExpired:

diff --git a/oauth.go b/oauth.go
@@ -58,13 +58,13 @@ func (r *oauthProxy) newOAuth2Config(redirectionURL string) *oauth2.Config {
 // NOTE: we may be able to extract the specific (non-standard) claim refresh_expires_in and refresh_expires
 // from response.RawBody.
 // When not available, keycloak provides us with the same (for now) expiry value for ID token.
-func getRefreshedToken(conf *oauth2.Config, r *oauthProxy, t string) (jwt.JSONWebToken, string, string, time.Time, time.Duration, error) {
+func getRefreshedToken(conf *oauth2.Config, proxyConfig *Config, t string) (jwt.JSONWebToken, string, string, time.Time, time.Duration, error) {
 	ctx, cancel := context.WithTimeout(
 		context.Background(),
-		r.config.OpenIDProviderTimeout,
+		proxyConfig.OpenIDProviderTimeout,
 	)
 
-	if r.config.SkipOpenIDProviderTLSVerify {
+	if proxyConfig.SkipOpenIDProviderTLSVerify {
 		tr := &http.Transport{
 			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
 		}