Skip to content

fix: acces token post response expires_in field wasn't sending an integer#29

Closed
vparpoil wants to merge 1 commit into
leaonline:release/7.0.0from
vparpoil:fix-post-token-response
Closed

fix: acces token post response expires_in field wasn't sending an integer#29
vparpoil wants to merge 1 commit into
leaonline:release/7.0.0from
vparpoil:fix-post-token-response

Conversation

@vparpoil

@vparpoil vparpoil commented Mar 30, 2026

Copy link
Copy Markdown

moved accessTokenExpiresAt to expires_at and added expires_in which is the lifetime in seconds of the access token as per RFC 6749

   expires_in
         RECOMMENDED.  The lifetime in seconds of the access token.  For
         example, the value "3600" denotes that the access token will
         expire in one hour from the time the response was generated.
         If omitted, the authorization server SHOULD provide the
         expiration time via other means or document the default value.

@jankapunkt let me know if you think this could be merged. Thanks !

…eger

moved `accessTokenExpiresAt` to `expires_at` and added `expires_in` which is the lifetime in seconds of the access token
as per RFC 6749
@jankapunkt

Copy link
Copy Markdown
Member

Hi @vparpoil sorry for delay I was busy with lots of things and will get back to this next week because there is also an important security patch in the underlying node oauth2 server lib

@vparpoil

vparpoil commented May 4, 2026

Copy link
Copy Markdown
Author

#30 seems to also fix this :)

@jankapunkt

Copy link
Copy Markdown
Member

@vparpoil how would you like to proceed? Close in favor of #30? If so, would you help out in reviewing #30? I would create a release candidate that allows easier field-testing if you want. If you think this contains changes that are not part of #30 then we need to make a distinct plan how we can mange to merge both.

@jankapunkt jankapunkt mentioned this pull request May 5, 2026
7 tasks
@jankapunkt jankapunkt changed the base branch from master to release/7.0.0 May 5, 2026 06:00
@jankapunkt jankapunkt added this to the 7.0.0 milestone May 5, 2026
@vparpoil

vparpoil commented May 5, 2026

Copy link
Copy Markdown
Author

Hi @jankapunkt , I'm closing this in favor of #30 which is more complete and already includes my changes.
Implementation is a bit different, I used Math.max(0, Math.floor((expiresAtMs - Date.now()) / 1000)) while @edimarlnx used Math.floor((token.accessTokenExpiresAt - Date.now()) / 1000), assuming accessTokenExpiresAt always exists and is always greater than now (which I think is always the case).

Also I kept an expires_at field in the response, with the accessTokenExpiresAt included, but I think this is useless

We can test a RC on our setup when available. Thanks !

@vparpoil vparpoil closed this May 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants