Skip to content

Commit

Permalink
fix(jans-auth-server): set par expiration to request object exp #824 (#…
Browse files Browse the repository at this point in the history 
…860)
  • Loading branch information
@yuriyzz
yuriyzz authored Feb 18, 2022
1 parent 392b3fc commit c835c38
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 1 deletion.
2 changes: 1 addition & 1 deletion jans-auth-server/server/src/main/java/io/jans/as/server/par/ws/rs/ParRestWebService.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -176,7 +176,7 @@ public Response requestPushedAuthorizationRequest(

ParResponse parResponse = new ParResponse();
parResponse.setRequestUri(ParService.toOutsideId(par.getId()));
parResponse.setExpiresIn(parLifetime);
parResponse.setExpiresIn(par.getTtl());

final String responseAsString = ServerUtil.asJson(parResponse);

Expand Down
6 changes: 6 additions & 0 deletions jans-auth-server/server/src/main/java/io/jans/as/server/par/ws/rs/ParValidator.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
import io.jans.as.model.error.ErrorResponseFactory;
import io.jans.as.model.error.IErrorType;
import io.jans.as.model.jwt.JwtClaimName;
import io.jans.as.model.util.Util;
import io.jans.as.persistence.model.Par;
import io.jans.as.server.authorize.ws.rs.AuthorizeRestWebServiceValidator;
import io.jans.as.server.model.authorize.Claim;
Expand All @@ -24,6 +25,7 @@
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.ws.rs.WebApplicationException;
import java.util.Date;
import java.util.Set;

import static io.jans.as.model.util.StringUtils.implode;
Expand Down Expand Up @@ -94,6 +96,10 @@ public void validateRequestObject(RedirectUriResponse redirectUriResponse, Par p
if (jwtRequest.getNbf() != null) {
par.getAttributes().setNbf(jwtRequest.getNbf());
}
if (jwtRequest.getExp() != null) {
par.setTtl(jwtRequest.getExp());
par.setExpirationDate(Util.createExpirationDate(jwtRequest.getExp()));
}
if (!jwtRequest.getScopes().isEmpty()) { // JWT wins
Set<String> scopes = scopeChecker.checkScopesPolicy(client, Lists.newArrayList(jwtRequest.getScopes()));
par.getAttributes().setScope(implode(scopes, " "));
Expand Down

0 comments on commit c835c38

Please sign in to comment.