Allow expires_at to be a UNIX timestamp #277
Merged
+24
−2
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This library currently only handles expires_at properties well when they are provided in ISOString representation. Unlike the expires_in field, the expires_at is not part of the OAuth2 spec, so implementations may vary. Some APIs like the Strava API use a UNIX timestamp (seconds since epoch) in the expires_at field: http://developers.strava.com/docs/authentication/#response-parameters-1 Token refresh will yield "Invalid Date" in the expires_at field when only accepting an ISOString. This patch checks if expires_at is a number and if so assumes it is a UNIX timestamp (seconds since epoch).
ctavan
added a commit
to ctavan/chance-access-token
that referenced
this pull request
Nov 17, 2019
ctavan
commented
Nov 17, 2019
| expireMode: 'expires_at', | ||
| }); | ||
| // Sometimes expires_at is also given as a UNIX timestamp in seconds: | ||
| accessTokenResponse.expires_at = Math.round(new Date(accessTokenResponse.expires_at).getTime() / 1000); |
There was a problem hiding this comment.
Could be improved if jonathansamines/chance-access-token#2 lands
There was a problem hiding this comment.
Since the mentioned change would require breaking the existing public API, will probably take us more time to land. This change looks good as is, will merge it and release a new version and we could update the tests later when the change lands.
|
@ctavan Published as simple-oauth2@3.1.0 |
fmatheus
reviewed
May 27, 2022
There was a problem hiding this comment.
Gitlab OAuth tokens expires_at include milliseconds, demanding a workaround of
token.expires_at = new Date(token.expires_at) // without * 1000
before calling createToken
It could be improved here by checking also the number of digits, or if the result of new Date is a valid date.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This library currently only handles expires_at properties well when they
are provided in ISOString representation.
Unlike the expires_in field, the expires_at is not part of the OAuth2
spec, so implementations may vary.
Some APIs like the Strava API use a UNIX timestamp (seconds since epoch)
in the expires_at field:
http://developers.strava.com/docs/authentication/#response-parameters-1
Token refresh will yield "Invalid Date" in the expires_at field when
only accepting an ISOString.
This patch checks if expires_at is a number and if so assumes it is a
UNIX timestamp (seconds since epoch).