fix(oauth2): incorrect TTL override

ory · Sep 7, 2022 · 7893a98 · 7893a98
1 parent fe3c899
commit 7893a98
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 2 deletions.
diff --git a/oauth2/handler.go b/oauth2/handler.go
@@ -823,9 +823,7 @@ func (h *Handler) performOAuth2TokenFlow(w http.ResponseWriter, r *http.Request)
 		h.r.OAuth2Provider().WriteAccessError(ctx, w, accessRequest, err)
 		return
 	}
-	accessRequest.GetClient()
 
-	session.SetExpiresAt(fosite.AccessToken, time.Now().UTC().Add(time.Hour))
 	if accessRequest.GetGrantTypes().ExactOne("client_credentials") || accessRequest.GetGrantTypes().ExactOne("urn:ietf:params:oauth:grant-type:jwt-bearer") {
 		var accessTokenKeyID string
 		if h.c.AccessTokenStrategy(ctx) == "jwt" {

diff --git a/oauth2/oauth2_client_credentials_test.go b/oauth2/oauth2_client_credentials_test.go
@@ -243,4 +243,27 @@ func TestClientCredentials(t *testing.T) {
 		t.Run("strategy=opaque", run("opaque"))
 		t.Run("strategy=jwt", run("jwt"))
 	})
+
+	t.Run("case=should respect TTL", func(t *testing.T) {
+		duration := time.Hour * 24 * 7
+		reg.Config().MustSet(ctx, config.KeyAccessTokenLifespan, duration.String())
+
+		run := func(strategy string) func(t *testing.T) {
+			return func(t *testing.T) {
+				reg.Config().MustSet(ctx, config.KeyAccessTokenStrategy, strategy)
+				cl, conf := newClient(t)
+				conf.Scopes = []string{}
+				token, err := getToken(t, conf)
+				require.NoError(t, err)
+
+				assert.EqualValues(t, time.Now().Add(duration).Round(time.Minute), token.Expiry.Round(time.Minute))
+
+				introspection := testhelpers.IntrospectToken(t, &goauth2.Config{ClientID: cl.GetID(), ClientSecret: conf.ClientSecret}, token, admin)
+				assert.EqualValues(t, time.Now().Add(duration).Round(time.Minute), time.Unix(introspection.Get("exp").Int(), 0).Round(time.Minute))
+			}
+		}
+
+		t.Run("strategy=opaque", run("opaque"))
+		t.Run("strategy=jwt", run("jwt"))
+	})
 }