Fixes #1318 by multiplying decreaseExpirationBySec with 1000. Also fixes returning true for calling hasValidAccessToken on tokens which are already expired#1374
Conversation
|
@manfredsteyer or @jeroenheijmans Could you please have a look at this PR, because i think the part with the "expires_at" is rather critical |
|
Heya! FYI: I'm no longer very active as a maintainer or community moderator (see #1280), so I will likely not be investigating or reviewing. But thanks for submitting a fix to this Open Source project, hopefully Manfred or another contributor can find time to help out! |
|
@manfredsteyer sry for bumping, but i think this is a big issue and should be fixed asap |
|
Need to be merged. |
a54ea92 to
078415b
Compare
e1fc6c5 to
5d10af2
Compare
|
The PR fixes 2 occurrences of decreaseExpirationBySec but there are 3 occurrences on current master. 👍 to merge it. |
…1000. Also fixes wrong subtraction of getClockSkewInMsec Signed-off-by: Patrick Bender <Patrick.Bender@softgarden.de>
Thx. I just rebased to latest master and also fixed the third occurence |
vilmantasbaranauskas
left a comment
There was a problem hiding this comment.
PR looks correct to me.
1421146 to
4dff3c3
Compare
581dc7a to
328e014
Compare
In the "expires_at" is set and its calculated with local clock (see https://github.com/manfredsteyer/angular-oauth2-oidc/blob/15.0.0/projects/lib/src/oauth-service.ts#L1698 ). Therefore there is no need to appy clockSkewInMsec in hasValidAccessToken