You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by bu...@apache.org on 2020/02/26 11:10:59 UTC
[cxf-fediz] branch master updated: fediz-oidc: fix exp claim when
timeToLive specified
This is an automated email from the ASF dual-hosted git repository.
buhhunyx pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git
The following commit(s) were added to refs/heads/master by this push:
new c61a67d fediz-oidc: fix exp claim when timeToLive specified
c61a67d is described below
commit c61a67de8516fb7379f572fc1ebc73805725d22b
Author: Alexey Markevich <bu...@gmail.com>
AuthorDate: Wed Feb 26 14:10:13 2020 +0300
fediz-oidc: fix exp claim when timeToLive specified
---
.../org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
index 32fa63a..d03d2d8 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
@@ -137,15 +137,15 @@ public class FedizSubjectCreator implements SubjectCreator {
idToken.setTokenId(OAuthUtils.generateRandomTokenKey());
// Compute exp claim
- long currentTimeInSecs = System.currentTimeMillis() / 1000L;
- idToken.setIssuedAt(currentTimeInSecs);
+ final long iat = OAuthUtils.getIssuedAt();
+ idToken.setIssuedAt(iat);
HttpSession httpSession = mc.getHttpServletRequest().getSession(false);
if (timeToLive > 0) {
- idToken.setExpiryTime(timeToLive);
+ idToken.setExpiryTime(iat + timeToLive);
} else if (httpSession != null && httpSession.getMaxInactiveInterval() > 0) {
- idToken.setExpiryTime(currentTimeInSecs + httpSession.getMaxInactiveInterval());
+ idToken.setExpiryTime(iat + httpSession.getMaxInactiveInterval());
} else {
- idToken.setExpiryTime(currentTimeInSecs + DEFAULT_TIME_TO_LIVE);
+ idToken.setExpiryTime(iat + DEFAULT_TIME_TO_LIVE);
}
List<String> requestedClaimsList = new ArrayList<>();