mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-07-29 22:01:14 +03:00

Add exp claim in id_tokens

Quentin Gliech
2022-01-10 17:59:57 +01:00
parent 5631300dc3
commit a30d4b58f0


@ -22,7 +22,7 @@ use hyper::StatusCode;
use mas_config::{OAuth2ClientConfig, OAuth2Config};
use mas_data_model::{AuthorizationGrantStage, TokenType};
use mas_jose::{
claims::{AT_HASH, AUD, AUTH_TIME, C_HASH, IAT, ISS, NONCE, SUB},
claims::{AT_HASH, AUD, AUTH_TIME, C_HASH, EXP, IAT, ISS, NONCE, SUB},
DecodedJsonWebToken, JsonWebSignatureAlgorithm, SigningKeystore, StaticKeystore,
};
use mas_storage::{
@ -258,12 +258,15 @@ async fn authorization_code_grant(
let id_token = if session.scope.contains(&OPENID) {
let mut claims = HashMap::new();
let now = Utc::now();
ISS.insert(&mut claims, issuer.to_string()).wrap_error()?;
SUB.insert(&mut claims, &browser_session.user.sub)
.wrap_error()?;
AUD.insert(&mut claims, client.client_id.clone())
.wrap_error()?;
IAT.insert(&mut claims, Utc::now()).wrap_error()?;
IAT.insert(&mut claims, now).wrap_error()?;
EXP.insert(&mut claims, now + Duration::hours(1))
.wrap_error()?;
if let Some(ref nonce) = authz_grant.nonce {
NONCE.insert(&mut claims, nonce.clone()).wrap_error()?;