Fix #159. Client management endpoint should preserve the grace period…

…, not zero it out (thereby disabling grace periods for any unwitting clients.)
ncsa · Jan 26, 2024 · 5402b77 · 5402b77
1 parent 4218f00
commit 5402b77
Show file tree

Hide file tree

Showing 7 changed files with 76 additions and 91 deletions.
diff --git a/.idea/workspace.xml b/.idea/workspace.xml
diff --git a/common/src/main/java/edu/uiuc/ncsa/oa4mp/delegation/common/token/impl/TokenFactory.java b/common/src/main/java/edu/uiuc/ncsa/oa4mp/delegation/common/token/impl/TokenFactory.java
@@ -67,37 +67,7 @@ protected static void parseRawToken(String rawToken, TokenImpl token) {
             return;
 
         }
-/*
-        StringTokenizer st = new StringTokenizer(rawToken, ".");
-        if (1 < st.countTokens() && st.countTokens() <= 3) {
-            st.nextToken();
-            String payload = st.nextToken();
-            try {
-                byte[] x = Base64.decodeBase64(payload);
-                String pp = new String(x, StandardCharsets.UTF_8);
-                JSONObject jsonObject = JSONObject.fromObject(pp);
-                token.setPayload(jsonObject);
-                // remember that in JWTs the times are in seconds.
-                if (jsonObject.containsKey("jti")) {
-                    token.setJti(URI.create(jsonObject.getString("jti")));
-                }
-                if (jsonObject.containsKey("iat")) {
-                    token.setIssuedAt(1000 * jsonObject.getLong("iat"));
-                }
-                if (jsonObject.containsKey("exp")) {
-                    long expiresAt = jsonObject.getLong("exp");
-                    token.setExpiresAt(1000 * expiresAt);
-                    token.setLifetime(1000 * expiresAt - token.getIssuedAt());
-                }
-                token.setJWT(true);
-                token.setToken(rawToken);// can't really change this. Should be a string...
-                return;
-            } catch (Throwable t) {
-                // so it ain't a JWT.
-                t.printStackTrace();
-            }
-        }
-*/
+
         // so at this point, we have to assume that it is indeed just a token.
         token.setJWT(false);
         token.setJti(URI.create(rawToken));
@@ -145,6 +115,7 @@ public static RefreshTokenImpl createRT(String rawToken) {
         return refreshToken;
     }
 
+
     /**
      * Recreate the object from its serialized form.
      *

diff --git a/oauth2/src/main/java/edu/uiuc/ncsa/oa4mp/delegation/oa2/OA2Constants.java b/oauth2/src/main/java/edu/uiuc/ncsa/oa4mp/delegation/oa2/OA2Constants.java
@@ -65,6 +65,7 @@ public interface OA2Constants {
     public static String MAX_ID_TOKEN_LIFETIME = "max_id_token_lifetime";
     public static String ID_TOKEN_IDENTIFIER = "jti"; // was token_id
     public static String EA_SUPPORT = "ea_support";
+
     public static String REQUEST = "request";
     public static String REQUEST_URI = "request_uri";
     public static String AUTHORIZATION_TIME = "auth_time";