From e0ed7d3b976eddfd1e3cd7f3bd41415ea25d1893 Mon Sep 17 00:00:00 2001
From: William Luke
Date: Thu, 4 May 2023 22:49:03 +0300
Subject: [PATCH] fix(oauth): add exp to idToken (#20694)
---
 frappe/oauth.py | 3 +++
 frappe/tests/test_oauth20.py | 1 +
 2 files changed, 4 insertions(+)
diff --git a/frappe/oauth.py b/frappe/oauth.py
index 2d25b5dfb5..aa486fe8ba 100644
--- a/frappe/oauth.py
+++ b/frappe/oauth.py
@@ -331,6 +331,8 @@ class OAuthWebRequestValidator(RequestValidator):
 userinfo = get_userinfo(user)
+ id_token["exp"] = id_token.get("iat") + token.get("expires_in")
+
 if userinfo.get("iss"):
 id_token["iss"] = userinfo.get("iss")
@@ -363,6 +365,7 @@ class OAuthWebRequestValidator(RequestValidator):
 def get_jwt_bearer_token(self, token, token_handler, request):
 now = datetime.datetime.now()
+
 id_token = dict(
 aud=token.client_id,
 iat=round(now.timestamp()),
diff --git a/frappe/tests/test_oauth20.py b/frappe/tests/test_oauth20.py
index 9790637004..8de652b888 100644
--- a/frappe/tests/test_oauth20.py
+++ b/frappe/tests/test_oauth20.py
@@ -367,6 +367,7 @@ class TestOAuth20(FrappeRequestTestCase):
 audience=self.client_id,
 key=self.client_secret,
 algorithms=["HS256"],
+ options={"verify_signature": True, "require": ["exp", "iat", "aud"]},
 )
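Review bot: In the first frappe/oauth.py hunk (@@ -331,6 +331,8), the added `id_token["exp"] = id_token.get("iat") + token.get("expires_in")` does arithmetic on two `.get()` results, so a token without `expires_in` or an id_token without `iat` fails with an opaque TypeError while the ID token is being built. Nothing visible in the hunk guarantees both keys are set; if they always are, index them directly (`id_token["iat"] + token["expires_in"]`) so a missing claim fails by name, otherwise check for None and reject the request explicitly. The line also ties the ID token's lifetime to the access token's `expires_in`, which deserves a short comment such as `# ID token expires together with the access token` so that a later change to the access-token lifetime is made knowingly. The enclosing method starts and ends outside the hunk. The test hunk only requires that `exp` is present; an assertion that `exp` equals `iat` plus the issued `expires_in` would pin the value as well.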