Skip to content

Handling non-JWT token during OAuth by not caching #328

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 8 commits into from
Jun 13, 2025
Merged

Handling non-JWT token during OAuth by not caching #328

Changes from 3 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
14fdd16
Handling non-JWT token during OAuth by not caching
Jun 10, 2025
f64f19f
Merge branch 'main' into users/tracyboehrer/non-jwt-token-fix
tracyboehrer Jun 10, 2025
92531e4
Copilot correction
Jun 10, 2025
48ff01b
Removed GitHub token logic, still caching non-JWT tokens for during o…
Jun 10, 2025
4319260
Merge branch 'main' into users/tracyboehrer/non-jwt-token-fix
tracyboehrer Jun 10, 2025
988af69
Opted to not cache tokens without expiration info.
Jun 12, 2025
3d31570
Merge branch 'main' into users/tracyboehrer/non-jwt-token-fix
tracyboehrer Jun 12, 2025
6159928
Merge branch 'main' into users/tracyboehrer/non-jwt-token-fix
MattB-msft Jun 13, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 27 additions & 6 deletions src/libraries/Client/Microsoft.Agents.Connector/RestClients/UserTokenRestClient.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -422,14 +422,35 @@ private static void AddTokenResponseToCache(string cacheKey, TokenResponse token
{
if (tokenResponse != null && tokenResponse.Token != null)
{
var jwtToken = new JwtSecurityToken(tokenResponse.Token);

tokenResponse.IsExchangeable = IsExchangeableToken(jwtToken);

if (tokenResponse.Expiration == null)
{
// Token Service isn't returning Expiration in TokenResponse
tokenResponse.Expiration = jwtToken.ValidTo;
// Token Service isn't returning Expiration in TokenResponse. Try to
// get from token.

if (tokenResponse.Token.StartsWith("gho_"))
{
// GitHub OAuth App docs indicate the tokens don't expire until revoked or unused
// for one year. For purposes of efficiency we'll cache it briefly.
tokenResponse.Expiration = DateTimeOffset.UtcNow + TimeSpan.FromMinutes(30);
tokenResponse.IsExchangeable = false;
}
else
{
try
{
var jwtToken = new JwtSecurityToken(tokenResponse.Token);
tokenResponse.IsExchangeable = IsExchangeableToken(jwtToken);
if (tokenResponse.Expiration == null)
{
tokenResponse.Expiration = jwtToken.ValidTo;
}
}
catch (Exception)
{
// Since we don't have an expiration, we can't cache it.
return;
}
}
}

_cache.Add(
Expand Down
Loading