Merge pull request #863 from JanssenProject/jans-auth-server-issue-821-1

fix(jans-auth-server): corrected wrong expires_in
JanssenProject · Feb 18, 2022 · dfce3e2 · dfce3e2
2 parents 8f59921 + 428c5b3
commit dfce3e2
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 1 deletion.
diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/par/ws/rs/ParRestWebService.java b/jans-auth-server/server/src/main/java/io/jans/as/server/par/ws/rs/ParRestWebService.java
@@ -176,7 +176,7 @@ public Response requestPushedAuthorizationRequest(
 
             ParResponse parResponse = new ParResponse();
             parResponse.setRequestUri(ParService.toOutsideId(par.getId()));
-            parResponse.setExpiresIn(par.getTtl());
+            parResponse.setExpiresIn(par.getTtl()); // set it to TTL instead of lifetime because TTL can be updated during request object validation
 
             final String responseAsString = ServerUtil.asJson(parResponse);
 

diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/par/ws/rs/ParValidator.java b/jans-auth-server/server/src/main/java/io/jans/as/server/par/ws/rs/ParValidator.java
@@ -17,6 +17,7 @@
 import io.jans.as.server.model.authorize.ScopeChecker;
 import io.jans.as.server.service.RedirectUriResponse;
 import io.jans.as.server.service.RequestParameterService;
+import io.jans.as.server.util.ServerUtil;
 import org.apache.commons.lang3.StringUtils;
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
@@ -100,6 +101,10 @@ public void validateRequestObject(RedirectUriResponse redirectUriResponse, Par p
                 par.setTtl(jwtRequest.getExp());
                 par.setExpirationDate(Util.createExpirationDate(jwtRequest.getExp()));
             }
+            if (jwtRequest.getExp() != null) {
+                par.setTtl(ServerUtil.calculateTtl(jwtRequest.getExp()));
+                par.setExpirationDate(new Date(jwtRequest.getExp() * 1000L));
+            }
             if (!jwtRequest.getScopes().isEmpty()) { // JWT wins
                 Set<String> scopes = scopeChecker.checkScopesPolicy(client, Lists.newArrayList(jwtRequest.getScopes()));
                 par.getAttributes().setScope(implode(scopes, " "));

diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/util/ServerUtil.java b/jans-auth-server/server/src/main/java/io/jans/as/server/util/ServerUtil.java
@@ -75,6 +75,17 @@ public static GregorianCalendar now() {
         return new GregorianCalendar(TimeZone.getTimeZone("UTC"));
     }
 
+    public static int nowAsSeconds() {
+        return (int) (new Date().getTime() / 1000L);
+    }
+
+    public static int calculateTtl(Integer expirationDateAsSeconds) {
+        if (expirationDateAsSeconds == null) {
+            return 0;
+        }
+        return expirationDateAsSeconds - nowAsSeconds();
+    }
+
     public static int calculateTtl(Date creationDate, Date expirationDate) {
         if (creationDate != null && expirationDate != null) {
             return (int) ((expirationDate.getTime() - creationDate.getTime()) / 1000L);