mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-04 21:06:03 +02:00
35ef3274de
identity: override TokenSource expiry behavior (#4632) The current session refresh loop attempts to refresh access tokens when they are due to expire in less than one minute. However, the code to perform the refresh relies on a TokenSource from the x/oauth2 package, which has its own internal 'expiryDelta' threshold, with a default of 10 seconds. As a result, the first four or five attempts to refresh a particular access token will not actually refresh the token. The refresh will happen only when the access token is within 10 seconds of expiring. Instead, before we obtain a new TokenSource, first clear any existing access token. This causes the TokenSource to consider the token invalid, triggering a refresh. This should give the refresh loop more control over when refreshes happen. Consolidate this logic in a new Refresh() method in the oidc package. Add unit tests for this new method. Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| auth0 | ||
| azure | ||
| cognito | ||
| gitlab | ||
| okta | ||
| onelogin | ||
| ping | ||
| config.go | ||
| errors.go | ||
| oidc.go | ||
| oidc_test.go | ||
| refresh.go | ||
| refresh_test.go | ||
| userinfo.go | ||
| userinfo_test.go | ||