feat: increase 2 legged issued tokens lifetime to one hour

formancehq · Dec 16, 2022 · 5b3ef2d · 5b3ef2d
1 parent 3b9323e
commit 5b3ef2d
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 2 deletions.
diff --git a/pkg/oidc/oidc_test.go b/pkg/oidc/oidc_test.go
@@ -155,6 +155,7 @@ func Test3LeggedFlow(t *testing.T) {
 			// And this code is used to get a token
 			tokens, err := rp.CodeExchange(context.TODO(), code, clientRelyingParty)
 			require.NoError(t, err)
+			require.Equal(t, time.Until(tokens.Expiry).Round(oidc.ExpirationToken3Legged), oidc.ExpirationToken3Legged)
 
 			// Create a OAuth2 client which represent our client application
 			secondaryClient := auth.NewClient(auth.ClientOptions{
@@ -262,7 +263,8 @@ func TestClientCredentials(t *testing.T) {
 			TokenURL:     clientRelyingParty.OAuthConfig().Endpoint.TokenURL,
 			Scopes:       []string{},
 		}
-		_, err = clientCredentialsConfig.Token(context.Background())
+		token, err := clientCredentialsConfig.Token(context.Background())
 		require.NoError(t, err)
+		require.Equal(t, time.Until(token.Expiry).Round(oidc.ExpirationToken2Legged), oidc.ExpirationToken2Legged)
 	})
 }
diff --git a/pkg/oidc/storage.go b/pkg/oidc/storage.go
@@ -17,6 +17,11 @@ import (
 	"gopkg.in/square/go-jose.v2"
 )
 
+const (
+	ExpirationToken2Legged = time.Hour
+	ExpirationToken3Legged = 5 * time.Minute
+)
+
 type Storage interface {
 	SaveAuthRequest(ctx context.Context, request auth.AuthRequest) error
 	FindAuthRequest(ctx context.Context, id string) (*auth.AuthRequest, error)
@@ -413,12 +418,18 @@ func (s *storageFacade) renewRefreshToken(ctx context.Context, currentRefreshTok
 
 // accessToken will store an access_token in-memory based on the provided information
 func (s *storageFacade) saveAccessToken(ctx context.Context, refreshToken *auth.RefreshToken, applicationId, subject string, audience, scopes []string) (*auth.AccessToken, error) {
+
+	expiration := ExpirationToken2Legged
+	if subject != "" {
+		expiration = ExpirationToken3Legged
+	}
+
 	token := auth.AccessToken{
 		ID:            uuid.NewString(),
 		ApplicationID: applicationId,
 		UserID:        subject,
 		Audience:      audience,
-		Expiration:    time.Now().Add(5 * time.Minute),
+		Expiration:    time.Now().Add(expiration),
 		Scopes:        scopes,
 		RefreshTokenID: func() string {
 			if refreshToken == nil {