fix(oauth): add exp to idToken (#20694)

2023-05-04 22:49:03 +03:00 · 2023-05-04 22:49:03 +03:00 · e0ed7d3b97
commit e0ed7d3b97
parent f5ba787f4b
2 changed files with 4 additions and 0 deletions
--- a/frappe/oauth.py
+++ b/frappe/oauth.py
@ -331,6 +331,8 @@ class OAuthWebRequestValidator(RequestValidator):

 		userinfo = get_userinfo(user)

+		id_token["exp"] = id_token.get("iat") + token.get("expires_in")
+
 		if userinfo.get("iss"):
 			id_token["iss"] = userinfo.get("iss")

@ -363,6 +365,7 @@ class OAuthWebRequestValidator(RequestValidator):

 	def get_jwt_bearer_token(self, token, token_handler, request):
 		now = datetime.datetime.now()
+
 		id_token = dict(
 			aud=token.client_id,
 			iat=round(now.timestamp()),
--- a/frappe/tests/test_oauth20.py
+++ b/frappe/tests/test_oauth20.py
@ -367,6 +367,7 @@ class TestOAuth20(FrappeRequestTestCase):
 			audience=self.client_id,
 			key=self.client_secret,
 			algorithms=["HS256"],
+			options={"verify_signature": True, "require": ["exp", "iat", "aud"]},
 		)