Fix token validation logic for long-term tokens (#209)
* Fix token validation logic for long-term tokens

* Fix token inspection logic and add logging for token refresh
Gcolon021 authored Sep 16, 2024
1 parent 706f057 commit a66011a
Showing 1 changed file with 5 additions and 1 deletion.
Expand Up @@ -183,7 +183,10 @@ private TokenInspection validateToken(Map<String, Object> inputMap) throws Illeg
errorMsg = "User doesn't have enough privileges.";
}

if (isAuthorizationPassed) {
if (isLongTermToken && isAuthorizationPassed) {
// The long term token is not automatically refreshed, so we don't need to check the expiration time
tokenInspection.addField("active", true);
} else if (isAuthorizationPassed) {
tokenInspection.addField("active", true);
ArrayList<String> roles = new ArrayList<>();
for (Privilege p : user.getTotalPrivilege()) {
Expand All @@ -194,6 +197,7 @@ private TokenInspection validateToken(Map<String, Object> inputMap) throws Illeg
// Refresh Token
Date expiration = jws.getPayload().getExpiration();
if (jwtUtil.shouldRefreshToken(expiration, tokenExpirationTime)) {
logger.info("_inspectToken() Token is about to expire, refreshing token...");
RefreshToken refreshResponse = refreshToken(token);
if (refreshResponse instanceof ValidRefreshToken validRefreshToken) {
tokenInspection.addField("token", validRefreshToken.token());
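Review bot: The new long-term branch in the first hunk adds only `active` to the inspection result, while the `else if (isAuthorizationPassed)` branch goes on to build a role list from `user.getTotalPrivilege()`, so a client that reads roles or privileges from the result would presumably see none for long-term tokens. If that is intended, the comment should say so; otherwise the role population should be shared by both branches and only the refresh step skipped. The comment's wording, that the expiration time need not be checked, also reads as if expiry is not enforced for these tokens, when what the branch skips is the refresh decision; once confirmed against the parsing code, I would write `// Long-term tokens are never refreshed, so only the refresh step is skipped; expiry is still enforced when the JWT is parsed`. How `isLongTermToken` is derived is not visible here, and it should come from a claim in the verified token rather than from `inputMap`. `validateToken` begins and ends outside both hunks, so the parsing and the rest of the regular branch could not be checked.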
