Posted to commits@cxf.apache.org by bu...@apache.org on 2020/02/26 11:10:59 UTC

[cxf-fediz] branch master updated: fediz-oidc: fix exp claim when timeToLive specified

This is an automated email from the ASF dual-hosted git repository.

buhhunyx pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git


The following commit(s) were added to refs/heads/master by this push:
     new c61a67d  fediz-oidc: fix exp claim when timeToLive specified
c61a67d is described below

commit c61a67de8516fb7379f572fc1ebc73805725d22b
Author: Alexey Markevich <bu...@gmail.com>
AuthorDate: Wed Feb 26 14:10:13 2020 +0300

    fediz-oidc: fix exp claim when timeToLive specified
---
 .../org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
index 32fa63a..d03d2d8 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
@@ -137,15 +137,15 @@ public class FedizSubjectCreator implements SubjectCreator {
         idToken.setTokenId(OAuthUtils.generateRandomTokenKey());
 
         // Compute exp claim
-        long currentTimeInSecs = System.currentTimeMillis() / 1000L;
-        idToken.setIssuedAt(currentTimeInSecs);
+        final long iat = OAuthUtils.getIssuedAt();
+        idToken.setIssuedAt(iat);
         HttpSession httpSession = mc.getHttpServletRequest().getSession(false);
         if (timeToLive > 0) {
-            idToken.setExpiryTime(timeToLive);
+            idToken.setExpiryTime(iat + timeToLive);
         } else if (httpSession != null && httpSession.getMaxInactiveInterval() > 0) {
-            idToken.setExpiryTime(currentTimeInSecs + httpSession.getMaxInactiveInterval());
+            idToken.setExpiryTime(iat + httpSession.getMaxInactiveInterval());
         } else {
-            idToken.setExpiryTime(currentTimeInSecs + DEFAULT_TIME_TO_LIVE);
+            idToken.setExpiryTime(iat + DEFAULT_TIME_TO_LIVE);
         }
 
         List<String> requestedClaimsList = new ArrayList<>();
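Review bot: The three branches under `// Compute exp claim` each repeat the `iat + …` addition, which is the shape that let the `timeToLive` branch pass a bare duration to `setExpiryTime` before this commit. Selecting the lifetime first and calling `setExpiryTime` once would leave a single place where a relative value becomes an absolute `exp`. Relying parties accept or reject the ID token on that claim, so a comment stating the units is worth adding; `DEFAULT_TIME_TO_LIVE` is declared outside the hunk and is presumably in seconds. The diffstat lists only this file, so a regression test asserting `exp - iat == timeToLive` appears to be missing. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: iat from OAuthUtils.getIssuedAt(), setIssuedAt(iat), httpSession lookup …
// Lifetime is a duration in seconds; exp is absolute (seconds since the epoch).
final long lifetimeSecs;
if (timeToLive > 0) {
    lifetimeSecs = timeToLive;
} else if (httpSession != null && httpSession.getMaxInactiveInterval() > 0) {
    lifetimeSecs = httpSession.getMaxInactiveInterval();
} else {
    lifetimeSecs = DEFAULT_TIME_TO_LIVE;
}
idToken.setExpiryTime(iat + lifetimeSecs);
```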