feat: support custom TimeProvider when validating tokens (introspect, userinfo) #730

Merged
merged 2 commits into from
Aug 21, 2024


tommytroen
Collaborator

Currently we only verify tokens issued from the server in the UserInfo and Introspection endpoints (other endpoints simply use the token as is without verification). This should fix #700 by using the new verify function from the OAuth2TokenProvider class.

  • add verify function to OAuth2TokenProvider and use the TimeProvider if set - i.e. via overriding Nimbus DefaultJWTClaimsVerifier's currentTime function
  • refactor tests for simplicity
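
Added example, not code from this pull request or the project: a Kotlin sketch of the technique the description names, overriding `currentTime()` on Nimbus `DefaultJWTClaimsVerifier` so that `exp`/`nbf` are checked against a pinned clock, which is why a token issued under a fixed past time fails wall-clock validation. The helper names `claimsVerifier` and `accepts`, the issuer URL, the required-claim set and the timestamps are assumptions made for illustration.

```kotlin
import com.nimbusds.jose.proc.SecurityContext
import com.nimbusds.jwt.JWTClaimsSet
import com.nimbusds.jwt.proc.BadJWTException
import com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier
import java.time.Instant
import java.util.Date

// Hypothetical helper: a claims verifier whose notion of "now" can be pinned.
// fixedTime == null falls back to the wall clock.
fun claimsVerifier(issuer: String, fixedTime: Instant?): DefaultJWTClaimsVerifier<SecurityContext> =
    object : DefaultJWTClaimsVerifier<SecurityContext>(
        JWTClaimsSet.Builder().issuer(issuer).build(), // claims that must match exactly
        setOf("sub", "iat", "exp"),                    // claims that must be present (assumed set)
    ) {
        // Nimbus compares exp/nbf against this value instead of reading the system clock.
        override fun currentTime(): Date = Date.from(fixedTime ?: Instant.now())
    }

// Hypothetical helper: true when the claims pass verification, false on BadJWTException.
fun accepts(verifier: DefaultJWTClaimsVerifier<SecurityContext>, claims: JWTClaimsSet): Boolean =
    try {
        verifier.verify(claims, null)
        true
    } catch (e: BadJWTException) {
        false
    }

fun main() {
    val issuer = "http://localhost:8080/default"        // constructed sample issuer
    val pinnedNow = Instant.parse("2020-01-01T12:00:00Z") // constructed fixed server time

    // Constructed claims, as a server pinned to pinnedNow would issue them (1 hour lifetime).
    val claims = JWTClaimsSet.Builder()
        .issuer(issuer)
        .subject("test-user")
        .issueTime(Date.from(pinnedNow))
        .expirationTime(Date.from(pinnedNow.plusSeconds(3600)))
        .build()

    // Verified against the wall clock: exp lies in the past relative to today.
    println("wall clock:   " + accepts(claimsVerifier(issuer, null), claims))
    // Verified against the same pinned clock that issued the token.
    println("pinned clock: " + accepts(claimsVerifier(issuer, pinnedNow), claims))
}
```

Signature verification and key selection are left out here; the sketch covers only the time-dependent claims check.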

@tommytroen tommytroen requested a review from a team as a code owner August 20, 2024 07:55
@tommytroen tommytroen force-pushed the feat_verify_with_timeprovider branch from 540b611 to 36ca7a8 Compare August 20, 2024 08:41
* add verify function to OAuth2TokenProvider and use the TimeProvider if set - i.e. via overriding Nimbus DefaultJWTClaimsVerifier's currentTime function
* refactor tests for simplicity
@tommytroen tommytroen force-pushed the feat_verify_with_timeprovider branch from 36ca7a8 to 7a0a8e1 Compare August 20, 2024 08:45
* necessary to use jwkSelector to only get keys for supported algorithm
* use Instant.now for currentTime when TimeProvider not set
* formatting
@tommytroen tommytroen requested a review from ybelMekk August 20, 2024 10:17
@tommytroen tommytroen merged commit 5fe5d8e into master Aug 21, 2024
3 checks passed
@tommytroen tommytroen deleted the feat_verify_with_timeprovider branch August 21, 2024 06:42

Successfully merging this pull request may close these issues.

Validation of tokens doesn't consider OAuth2Config.tokenProvider.systemTime