3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-06 21:04:39 +02:00
Code Issues Projects Releases Packages Wiki Activity

authorize: set JWT to expire after 5 minutes (#1980)

Browse source 
* authorize: set JWT to expire after 5 minutes

* use lesser of 5 minutes or id token expiration

* add test for expires at
This commit is contained in:
Caleb Doxsey 2021-03-15 07:38:32 -06:00 committed by GitHub
parent 07e150a5af
commit ae7626df3e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
authorize/evaluator/opa_test.go
View file

@ -150,6 +150,8 @@ func TestOPA(t *testing.T) {
var claims M
err = authJWT.Claims(publicJWK, &claims)
require.NoError(t, err)
assert.LessOrEqual(t, claims["exp"], float64(time.Now().Add(time.Minute*6).Unix()),
"JWT should expire within 5 minutes, but got: %v", claims["exp"])
return claims
}
@ -174,6 +176,7 @@ func TestOPA(t *testing.T) {
Email: "group1@example.com",
},
)
delete(payload, "exp")
assert.Equal(t, M{
"aud": "from.example.com",
"iss": "authenticate.example.com",
@ -212,8 +215,8 @@ func TestOPA(t *testing.T) {
"aud": "from.example.com",
"iss": "authenticate.example.com",
"jti": "session1",
"exp": 1609462861.0,
"iat": 1612141261.0,
"exp": 1609462861.0,
"sub": "user1",
"user": "user1",
"email": "a@example.com",