Update getKeepAliveExpiry logic for OIDC

Signed-off-by: Craig Perkins <[email protected]>
cwperks · Jun 10, 2024 · da4b14d · da4b14d
1 parent 8dc6f37
commit da4b14d
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 3 deletions.
diff --git a/server/auth/types/openid/openid_auth.test.ts b/server/auth/types/openid/openid_auth.test.ts
@@ -302,10 +302,16 @@ describe('test OpenId authHeaderValue', () => {
   });
 
   test('getKeepAliveExpiry', () => {
+    const realDateNow = Date.now.bind(global.Date);
+    const dateNowStub = jest.fn(() => 300);
+    global.Date.now = dateNowStub;
     const oidcConfig: unknown = {
       openid: {
         scope: [],
       },
+      session: {
+        ttl: 3600,
+      },
     };
 
     const openIdAuthentication = new OpenIdAuthentication(
@@ -323,6 +329,7 @@ describe('test OpenId authHeaderValue', () => {
       expiryTime: 1000,
     };
 
-    expect(openIdAuthentication.getKeepAliveExpiry(testCookie, {})).toBe(1000);
+    expect(openIdAuthentication.getKeepAliveExpiry(testCookie, {})).toBe(3900);
+    global.Date.now = realDateNow;
   });
 });
diff --git a/server/auth/types/openid/openid_auth.ts b/server/auth/types/openid/openid_auth.ts
@@ -250,12 +250,11 @@ export class OpenIdAuthentication extends AuthenticationType {
     };
   }
 
-  // OIDC expiry time is set by the IDP and refreshed via refreshTokens
   getKeepAliveExpiry(
     cookie: SecuritySessionCookie,
     request: OpenSearchDashboardsRequest<unknown, unknown, unknown, any>
   ): number {
-    return cookie.expiryTime!;
+    return Date.now() + this.config.session.ttl;
   }
 
   // TODO: Add token expiration check here