Context
We use Spring Authorization Server in our test environments. There we have no valuable data. As we use Angular with the library https://www.npmjs.com/package/angular-auth-oidc-client we would like to use a refresh token, but this is not supported by spring-authorization-server. This means for us that every user is logged out after 30 min because of this fixed value.
The only fix available is to increase this timeout so the testers can test for some hours.
If you agree to this proposal, please let me know. I would try to make a PR.
Just for documentation, so other people have the code ready to fix this problem, here is how I fixed this issue.
This line did the fix: `context.getClaims().claim("exp", Instant.now().plus(14, HOURS));`

```java
// Requires: import static java.time.temporal.ChronoUnit.HOURS;
// USER_ID_CLAIM_KEY and AZURE_AD_GROUP_AAA_DEV_ADMINPORTAL are constants from the poster's own project.
@Bean
public OAuth2TokenCustomizer<JwtEncodingContext> tokenCustomizer() {
    return context -> {
        var principal = context.getPrincipal();
        // Access token: add the user and group claims
        if (Objects.equals(context.getTokenType().getValue(), "access_token") && principal instanceof UsernamePasswordAuthenticationToken) {
            var user = (User) principal.getPrincipal();
            context.getClaims().claim("preferred_username", user.getUsername());
            context.getClaims().claim(USER_ID_CLAIM_KEY.getKey(), user.getUsername());
            context.getClaims().claim("groups", List.of(AZURE_AD_GROUP_AAA_DEV_ADMINPORTAL));
            context.getClaims().claim("correlationId", UUID.randomUUID().toString());
        }
        // ID token: add the same user claims and extend the expiry
        if (context.getTokenType().getValue().equals(OidcParameterNames.ID_TOKEN)) {
            var user = (User) principal.getPrincipal();
            context.getClaims()
                    .claim("preferred_username", user.getUsername());
            // Overwrite the exp of the ID token so the testers can test longer
            context.getClaims().claim("exp", Instant.now().plus(14, HOURS));
            context.getClaims().claim("groups", List.of(AZURE_AD_GROUP_AAA_DEV_ADMINPORTAL));
        }
    };
}
```
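A guard that a deployment or integration test could run to confirm the 14-hour `exp` override from the workaround above stays confined to test environments. This is an added example, not code from the issue or from Spring Authorization Server; the class and method names, the constructed sample tokens, and the use of the issue's 30-minute value as the policy limit are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example (hypothetical names): flag ID tokens whose lifetime (exp - iat) exceeds a limit. */
public class IdTokenLifetimeCheck {

    // Reads an integer NumericDate claim (seconds since epoch) from the decoded payload JSON.
    static long numericClaim(String json, String name) {
        Matcher m = Pattern.compile("\"" + Pattern.quote(name) + "\"\\s*:\\s*(\\d+)").matcher(json);
        if (!m.find()) throw new IllegalArgumentException("missing claim: " + name);
        return Long.parseLong(m.group(1));
    }

    // Returns exp - iat. Does NOT verify the signature: use only on tokens that were already validated.
    static Duration lifetime(String jwt) {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) throw new IllegalArgumentException("not a compact JWS");
        String payload = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        return Duration.ofSeconds(numericClaim(payload, "exp") - numericClaim(payload, "iat"));
    }

    // True when the token lifetime is non-negative and no longer than the allowed maximum.
    static boolean withinPolicy(String jwt, Duration max) {
        Duration d = lifetime(jwt);
        return !d.isNegative() && d.compareTo(max) <= 0;
    }

    // Builds a constructed sample token with a placeholder header and signature.
    static String sample(long iat, long exp) {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String payload = "{\"sub\":\"tester\",\"iat\":" + iat + ",\"exp\":" + exp + "}";
        return enc.encodeToString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8)) + "."
                + enc.encodeToString(payload.getBytes(StandardCharsets.UTF_8)) + ".placeholder-signature";
    }

    public static void main(String[] args) {
        Duration limit = Duration.ofMinutes(30);   // the fixed value described in the issue
        long iat = 1_700_000_000L;                 // constructed timestamp
        String dflt = sample(iat, iat + 30 * 60);
        String overridden = sample(iat, iat + 14 * 3600); // lifetime produced by the 14-hour workaround
        System.out.println("default:    " + lifetime(dflt) + " withinPolicy=" + withinPolicy(dflt, limit));
        System.out.println("overridden: " + lifetime(overridden) + " withinPolicy=" + withinPolicy(overridden, limit));
    }
}
```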
Expected Behavior
I want to be able to configure the ID Token expiresAt.
Current Behavior
The value is a fixed value with a TODO, see
spring-authorization-server/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/JwtGenerator.java
Line 96 in aed93f3