fix(client): use timestamp before issue token request to ensure expiresAt is smaller than token exp #522

charIeszhao
Member

@charIeszhao charIeszhao commented Jul 6, 2023

Summary

Calculate the expiresAt by requestedAt + expiresIn, which ensures the calculated result is always smaller than the actual exp property in token claims.

expiresAt = requestedAt + actual request time + expiresIn

Should fix #518

Testing

N/A

Checklist

  • .changeset

@charIeszhao charIeszhao requested a review from a team July 6, 2023 04:04
@charIeszhao charIeszhao self-assigned this Jul 6, 2023

linear bot commented Jul 6, 2023

LOG-6493 ExpireAt and exp in token claims are mismatched

Discussed and decided to add a backward shifted time (60s) to the expireAt result.

@ikupenov ikupenov left a comment

Cross-posting from #518.

I don't think the expiresAt value should be calculated by using Now + expiresIn - shiftedTime but rather issueAt (iat claim) + expiresIn (or any other client-specific value that's less than expiresAt) - shiftedTime (maybe not needed). Correct me if I don't understand this right.

To summarize, I don't think it's a good idea to use Date.now() when you can use either the exp or iat claim to get a much more consistent result across the client and the server.
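An added example, not part of the thread or the SDK's code: a synchronous simulation comparing three ways of deriving `expiresAt` against the token's `exp` claim. The clock, the token endpoint and all names are hypothetical, and the client and server are assumed to share one clock (no skew).

```javascript
// Constructed simulation: fake clock and fake token endpoint (hypothetical names).
// All times are in seconds, like the JWT `iat` and `exp` claims.
function makeClock(start) {
  let now = start;
  return { now: () => now, advance: (seconds) => { now += seconds; } };
}

// The server stamps `iat` when it handles the request, partway through the
// round trip, and sets exp = iat + expiresIn.
function fakeTokenEndpoint(clock, { uplink, downlink, expiresIn }) {
  clock.advance(uplink);              // request travels to the server
  const iat = clock.now();
  const claims = { iat, exp: iat + expiresIn };
  clock.advance(downlink);            // response travels back to the client
  return { expiresIn, claims };
}

function compareStrategies({ uplink, downlink, expiresIn }) {
  const clock = makeClock(1_688_616_000);   // constructed start time
  const requestedAt = clock.now();          // timestamp taken before the request
  const { claims } = fakeTokenEndpoint(clock, { uplink, downlink, expiresIn });
  const receivedAt = clock.now();           // timestamp taken after the response

  const candidates = {
    afterResponse: receivedAt + expiresIn,  // requestedAt + request time + expiresIn
    beforeRequest: requestedAt + expiresIn, // the approach in the PR summary
    fromIatClaim: claims.iat + expiresIn,   // the reviewer's suggestion
  };

  // overshoot > 0: the client would still treat the token as valid after `exp`,
  // so it could send a token the resource server already rejects.
  return Object.fromEntries(
    Object.entries(candidates).map(([name, expiresAt]) => [
      name,
      { expiresAt, overshoot: expiresAt - claims.exp },
    ]),
  );
}

// 2 s to reach the server, 3 s for the response, 1 h token lifetime
const result = compareStrategies({ uplink: 2, downlink: 3, expiresIn: 3600 });
console.log(result);
```

With real clock skew between client and server, the `iat`-based value is expressed in the server's clock while the client compares it against its own, which is the case the optional shifted time in the comment above would cover.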

@charIeszhao charIeszhao force-pushed the charles-log-6493-expire-at-and-exp-in-token-claims-are-mismatched branch from e7d6428 to 635a146 Compare July 8, 2023 03:10
@charIeszhao charIeszhao requested a review from ikupenov July 8, 2023 03:11
@charIeszhao charIeszhao changed the title from "fix(client): add a backward time shift to ensure expiresAt is smaller than token exp" to "fix(client): use timestamp before exchange token request to ensure expiresAt is smaller than token exp" Jul 8, 2023
@charIeszhao charIeszhao force-pushed the charles-log-6493-expire-at-and-exp-in-token-claims-are-mismatched branch from 635a146 to bca7b4d Compare July 8, 2023 03:22
@charIeszhao charIeszhao changed the title from "fix(client): use timestamp before exchange token request to ensure expiresAt is smaller than token exp" to "fix(client): use timestamp before issue token request to ensure expiresAt is smaller than token exp" Jul 8, 2023
@charIeszhao charIeszhao force-pushed the charles-log-6493-expire-at-and-exp-in-token-claims-are-mismatched branch from bca7b4d to 83fbf09 Compare July 10, 2023 02:34
@charIeszhao charIeszhao force-pushed the charles-log-6493-expire-at-and-exp-in-token-claims-are-mismatched branch from 83fbf09 to 9049333 Compare July 11, 2023 06:08
@charIeszhao charIeszhao merged commit 5ed5b92 into master Jul 14, 2023
@charIeszhao charIeszhao deleted the charles-log-6493-expire-at-and-exp-in-token-claims-are-mismatched branch July 14, 2023 06:21
Development

Successfully merging this pull request may close these issues.

bug: access token expiration mismatch