pomerium/internal/identity/oauth
backport-actions-token[bot] 35ef3274de
identity: override TokenSource expiry behavior (#4634)
identity: override TokenSource expiry behavior (#4632)

The current session refresh loop attempts to refresh access tokens when
they are due to expire in less than one minute. However, the code to
perform the refresh relies on a TokenSource from the x/oauth2 package,
which has its own internal 'expiryDelta' threshold, with a default of
10 seconds. As a result, the first four or five attempts to refresh a
particular access token will not actually refresh the token. The refresh
will happen only when the access token is within 10 seconds of expiring.

Instead, before we obtain a new TokenSource, first clear any existing
access token. This causes the TokenSource to consider the token invalid,
triggering a refresh. This should give the refresh loop more control
over when refreshes happen.

Consolidate this logic in a new Refresh() method in the oidc package.
Add unit tests for this new method.

Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>
2023-10-24 09:58:47 -07:00
apple identity: override TokenSource expiry behavior (#4634) 2023-10-24 09:58:47 -07:00
github core/authenticate: refactor idp sign out (#4589) 2023-09-28 08:52:22 -07:00
options.go move directory providers (#3633) 2022-11-03 11:33:56 -06:00
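
The expiry behavior described in the commit message above, as an added example that is not Pomerium's or x/oauth2's code: a standard-library-only model of the token-reuse rule with the 10-second expiryDelta, run through a constructed refresh loop. The token type, the function names, the 59-second starting lifetime and the 10-second attempt interval are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Model of the reuse rule the commit message describes; not x/oauth2 code.
const expiryDelta = 10 * time.Second // default named in the commit message

type token struct {
	AccessToken, RefreshToken string
	Expiry                    time.Time
}

// valid reports whether a source would hand the token back unchanged: it
// needs an access token and at least expiryDelta of lifetime left.
func (t token) valid(now time.Time) bool {
	return t.AccessToken != "" && !t.Expiry.Add(-expiryDelta).Before(now)
}

// fromSource models asking a token source for a token. A valid token is
// reused; otherwise the refresh token is exchanged (simulated here).
func fromSource(t token, now time.Time) (token, bool) {
	if t.valid(now) {
		return t, false
	}
	return token{"new-access", t.RefreshToken, now.Add(time.Hour)}, true
}

// attemptsUntilRefresh runs a constructed refresh loop that starts 59s before
// expiry and retries every `every` (must be positive). It returns the 1-based
// attempt on which a refresh really happened.
func attemptsUntilRefresh(clearFirst bool, every time.Duration) int {
	start := time.Date(2023, 10, 24, 0, 0, 0, 0, time.UTC) // constructed clock
	tok := token{"old-access", "refresh", start.Add(59 * time.Second)}
	for n := 1; ; n++ {
		in := tok
		if clearFirst {
			in.AccessToken = "" // the fix: the source now sees an invalid token
		}
		now := start.Add(time.Duration(n-1) * every)
		if _, refreshed := fromSource(in, now); refreshed {
			return n
		}
	}
}

func summary() string {
	return fmt.Sprintf("unchanged token: attempt %d; cleared access token: attempt %d",
		attemptsUntilRefresh(false, 10*time.Second), attemptsUntilRefresh(true, 10*time.Second))
}

func main() { fmt.Println(summary()) }
```

In this model the unchanged token is handed back on the first five attempts and is refreshed only with 9 seconds of lifetime left, while clearing the access token first refreshes on the first attempt.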