session: do not invalidate based on ID token (#5182)

Per the OIDC spec, section 2:

> NOTE: The ID Token expiration time is unrelated [to] the lifetime of
> the authenticated session between the RP and the OP.

A Pomerium session should remain valid for as long as the underlying
OAuth2 session.
Kenneth Jenkins 2024-07-19 16:29:06 -07:00 committed by GitHub
parent e5e6558de6
commit 9fe646f25a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 2 additions and 2 deletions


@ -181,8 +181,9 @@ func TestSession_Validate(t *testing.T) {
}{
{"valid", &Session{}, nil},
{"expired", &Session{ExpiresAt: t0}, ErrSessionExpired},
{"expired id token", &Session{IdToken: &IDToken{ExpiresAt: t0}}, ErrSessionExpired},
{"expired oauth token", &Session{OauthToken: &OAuthToken{ExpiresAt: t0}}, ErrSessionExpired},
// Expiry of the ID token does not indicate expiry of the underlying session.
{"expired id token ok", &Session{IdToken: &IDToken{ExpiresAt: t0}}, nil},
} {
tc := tc
t.Run(tc.name, func(t *testing.T) {
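Review bot: The new case `expired id token ok` builds a Session with neither `ExpiresAt` nor `OauthToken` set, so what it pins is that a session whose only expiry information is the ID token validates with no time bound at all. Whether such a session can exist in practice is not visible from this hunk, so it is worth confirming that every stored session carries `ExpiresAt` or an OAuth token expiry. I would also add a case that pairs the expired ID token with an expired OAuth token, `{"expired id token and oauth token", &Session{IdToken: &IDToken{ExpiresAt: t0}, OauthToken: &OAuthToken{ExpiresAt: t0}}, ErrSessionExpired},`, so the table shows the OAuth expiry still invalidates the session. TestSession_Validate starts before this hunk and the `t.Run` body continues past it.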