handler/oauth2: set expiration time before the access token is generated #216

Merged: 1 commit from nikita-v:jwt_expiration_bug into ory:master, Oct 10, 2017

Conversation

nikita-v (Contributor) commented Oct 5, 2017

Hi!
The JWT access token has an invalid value in its "exp" claim when the implicit flow is used. This is because the token is generated before the expiration time is assigned to it.

Signed-off-by: Nikita Vorobey <nikita@vorobey.by>
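As an added illustration of the ordering bug described in this pull request (example code written for this page, not code from the PR, from fosite or from the author): a minimal HS256 access-token issuer with both orderings side by side, and the check a resource server would run on the result. `Session`, `GenerateJWT`, `IssueImplicitBuggy`, `IssueImplicitFixed`, `ExpClaim` and `CheckNotExpired` are names assumed for this example, and the clock and signing key are constructed. With the buggy order the token is signed while the session still holds the zero `time.Time`, so "exp" becomes that value's Unix timestamp (-62135596800) and the token is already expired the moment it is issued.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Session is an assumed stand-in for an OAuth2 session object; it is not
// fosite's own type. AccessTokenExpiresAt is the zero time.Time until set.
type Session struct {
	Subject              string
	AccessTokenExpiresAt time.Time
}

// claims is the subset of the JWT payload this example cares about.
type claims struct {
	Sub string `json:"sub"`
	Iat int64  `json:"iat"`
	Exp int64  `json:"exp"`
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// GenerateJWT signs an HS256 access token whose "exp" claim is copied from the
// session. Like the pre-fix handler, it trusts whatever expiry the session
// currently holds; an unset expiry becomes the Unix value of the zero time.
func GenerateJWT(sess *Session, now time.Time, key []byte) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "HS256", "typ": "JWT"})
	payload, err := json.Marshal(claims{
		Sub: sess.Subject,
		Iat: now.Unix(),
		Exp: sess.AccessTokenExpiresAt.Unix(),
	})
	if err != nil {
		return "", err
	}
	signingInput := b64(header) + "." + b64(payload)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return signingInput + "." + b64(mac.Sum(nil)), nil
}

// IssueImplicitBuggy mirrors the order of operations the PR fixes: the token
// is generated first and the expiry is stored on the session afterwards.
func IssueImplicitBuggy(sess *Session, now time.Time, lifespan time.Duration, key []byte) (string, error) {
	tok, err := GenerateJWT(sess, now, key)
	sess.AccessTokenExpiresAt = now.Add(lifespan)
	return tok, err
}

// IssueImplicitFixed stores the expiry first, so the signed JWT carries it.
func IssueImplicitFixed(sess *Session, now time.Time, lifespan time.Duration, key []byte) (string, error) {
	sess.AccessTokenExpiresAt = now.Add(lifespan)
	return GenerateJWT(sess, now, key)
}

// ExpClaim decodes the payload segment and returns its "exp" claim.
func ExpClaim(token string) (int64, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return 0, fmt.Errorf("malformed JWT: expected 3 segments, got %d", len(parts))
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return 0, err
	}
	var c claims
	if err := json.Unmarshal(raw, &c); err != nil {
		return 0, err
	}
	return c.Exp, nil
}

// CheckNotExpired is the resource-server side: any token whose "exp" is not
// in the future, including the bogus zero-time value, is rejected.
func CheckNotExpired(token string, now time.Time) error {
	exp, err := ExpClaim(token)
	if err != nil {
		return err
	}
	if !time.Unix(exp, 0).After(now) {
		return fmt.Errorf("token expired: exp=%d, now=%d", exp, now.Unix())
	}
	return nil
}

func main() {
	now := time.Date(2017, 10, 5, 12, 0, 0, 0, time.UTC) // constructed clock
	key := []byte("constructed-demo-hmac-key")           // constructed key
	bad, _ := IssueImplicitBuggy(&Session{Subject: "alice"}, now, time.Hour, key)
	good, _ := IssueImplicitFixed(&Session{Subject: "alice"}, now, time.Hour, key)
	fmt.Println("buggy order:", CheckNotExpired(bad, now))
	fmt.Println("fixed order:", CheckNotExpired(good, now))
}
```

The practical lesson is on both sides: the issuer must populate every value the token generator reads before calling it, and the resource server must treat a non-future "exp" (zero, negative or in the past) as a hard reject rather than as "no expiry".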
coveralls commented Oct 5, 2017

Coverage increased (+0.008%) to 80.55% when pulling 51886a2 on nikita-v:jwt_expiration_bug into d6cf027 on ory:master.

aeneasr (Member) commented Oct 10, 2017

Thank you!

aeneasr merged commit 0911eb0 into ory:master Oct 10, 2017
mgloystein added a commit to spotxchange/fosite that referenced this pull request Jan 11, 2018
* handler/oauth2: set expiration time before the access token is generated (ory#216)

Signed-off-by: Nikita Vorobey <nikita@vorobey.by>

* token/hmac: replace custom logic with copypasta

* tests: replace nil checks with Error/NoError

* scripts: add format helper scripts

* all: format files with goimports

* travis: use go-acc and test format

* history: add 0.12.0 to TOC

* travis: update to go 1.9

* travis: add goimports to install section

* scripts: fix goimports import path

* vendor: replace glide with dep

* Add license header to all source files (ory#222)

Closes ory#221

Signed-off-by: aeneasr <aeneas.rekkas@serlo.org>

* travis: update go version (ory#220)

* handler/oauth2: Client IDs in revocation requests must match now (ory#226)

Closes ory#225

* Simplifies error contexts (ory#227)

Simplifies how errors are instantiated. Errors now contain all necessary information without relying on `fosite.ErrorToRFC6749Error` any more. `fosite.ErrorToRFC6749Error` is now an internal method and was renamed to `fosite.errorToRFC6749Error`.

* Exports ErrorToRFC6749Error again (ory#228)

* Makes use of rfcerr in access error endpoint writer explicit

* handler/oauth2: Improves authorization code error handling

* handler/oauth2: Adds token revocation on authorize code reuse

* internal: Updates mocks and mock generation

* oauth2: Allows client credentials in POST body and solves public client auth

Closes ory#231
Closes ory#217

* Improves error debug messages across the project

* Resolves test issues and reverts auth code revocation patch

* docs: Updates history.md

* Improves test coverage report by removing internal package from it

* Upgrades history.md

* token/jwt: Adds ability to specify acr value natively in id token payload

* Forces use of UTC time zone everywhere

* Adds ability to catch non-conformant OIDC authorizations

Fosite is now capable of detecting authorization flows that
are not conformant with the OpenID Connect spec.

* Resolves overriding auth_time with wrong value

* Improves http error codes

* Returns the correct error on duplicate auth code use

* handler/oauth2: Adds offline_access alias for refresh flow

* Adds ability to forward hints and debug messages to clients (ory#242)

* compose: Makes SendDebugMessages first class citizen (ory#243)
mgloystein added a commit to spotxchange/fosite that referenced this pull request Mar 27, 2018
budougumi0617 added a commit to budougumi0617/fosite that referenced this pull request May 10, 2019
…ted (ory#216)

Signed-off-by: Nikita Vorobey <nikita@vorobey.by>
3 participants