[KEYCLOAK-7227] Check if refresh token is expired before using it (#8359)

Tobias Larscheid 2022-08-30 20:35:13 +02:00 committed by GitHub
parent c4971d179c
commit a706e354f3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -46,6 +46,7 @@ public class TokenManager {
private AccessTokenResponse currentToken;
private long expirationTime;
private long refreshExpirationTime;
private long minTokenValidity = DEFAULT_MIN_VALIDITY;
private final Config config;
private final TokenService tokenService;
@ -97,12 +98,13 @@ public class TokenManager {
synchronized (this) {
currentToken = tokenService.grantToken(config.getRealm(), form.asMap());
expirationTime = requestTime + currentToken.getExpiresIn();
refreshExpirationTime = requestTime + currentToken.getRefreshExpiresIn();
}
return currentToken;
}
public synchronized AccessTokenResponse refreshToken() {
if (currentToken.getRefreshToken() == null) {
if (currentToken.getRefreshToken() == null || refreshTokenExpired()) {
return grantToken();
}
@ -132,6 +134,8 @@ public class TokenManager {
return (Time.currentTime() + minTokenValidity) >= expirationTime;
}
private synchronized boolean refreshTokenExpired() { return (Time.currentTime() + minTokenValidity) >= refreshExpirationTime; }
/**
* Invalidates the current token, but only when it is equal to the token passed as an argument.
*
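Review bot: `refreshExpirationTime` is assigned only in the `synchronized` block of `grantToken()`, and no visible hunk updates it after a successful refresh; the rest of `refreshToken()` lies outside the hunk, so this needs checking there. If that path stores a new response without also setting `refreshExpirationTime = requestTime + currentToken.getRefreshExpiresIn();`, the new `refreshTokenExpired()` check keeps using the first refresh token's deadline. The client would then fall back to `grantToken()`, presumably a full credential grant, earlier than the server requires. Separately, a response with a refresh lifetime of 0 (possibly how a non-expiring refresh token is signalled; confirm against the server) makes `refreshTokenExpired()` true on every call. If 0 can occur, guard the comparison, e.g. `return currentToken.getRefreshExpiresIn() > 0 && (Time.currentTime() + minTokenValidity) >= refreshExpirationTime;`.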