mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-01 03:16:31 +02:00
39a477c510
The current session refresh loop attempts to refresh access tokens when they are due to expire in less than one minute. However, the code to perform the refresh relies on a TokenSource from the x/oauth2 package, which has its own internal 'expiryDelta' threshold, with a default of 10 seconds. As a result, the first four or five attempts to refresh a particular access token will not actually refresh the token. The refresh will happen only when the access token is within 10 seconds of expiring. Instead, before we obtain a new TokenSource, first clear any existing access token. This causes the TokenSource to consider the token invalid, triggering a refresh. This should give the refresh loop more control over when refreshes happen. Consolidate this logic in a new Refresh() method in the oidc package. Add unit tests for this new method. |
||
|---|---|---|
| .. | ||
| auth0 | ||
| azure | ||
| cognito | ||
| gitlab | ||
| okta | ||
| onelogin | ||
| ping | ||
| config.go | ||
| errors.go | ||
| oidc.go | ||
| oidc_test.go | ||
| refresh.go | ||
| refresh_test.go | ||
| userinfo.go | ||
| userinfo_test.go | ||