session: do not invalidate based on ID token (#5182)

Per the OIDC spec, section 2:

> NOTE: The ID Token expiration time is unrelated [to] the lifetime of
> the authenticated session between the RP and the OP.

A Pomerium session should remain valid for as long as the underlying
OAuth2 session.
This commit is contained in:
Kenneth Jenkins 2024-07-19 16:29:06 -07:00 committed by GitHub
parent e5e6558de6
commit 9fe646f25a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 2 additions and 2 deletions


@ -116,7 +116,6 @@ func (x *Session) Validate() error {
for name, expiresAt := range map[string]*timestamppb.Timestamp{
"session": x.GetExpiresAt(),
"access_token": x.GetOauthToken().GetExpiresAt(),
"id_token": x.GetIdToken().GetExpiresAt(),
} {
if expiresAt.AsTime().Year() > 1970 && now.After(expiresAt.AsTime()) {
return fmt.Errorf("%w: %s expired at %s", ErrSessionExpired, name, expiresAt.AsTime())