libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Merge pull request #3199 from stianst/KEYCLOAK-3475

Browse source 
KEYCLOAK-3475 Fixes for on token expired event
This commit is contained in:
Stian Thorgersen 2016-09-06 15:36:46 +02:00 committed by GitHub
commit eebd496c2f
1 changed files with 12 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
adapters/oidc/js/src/main/resources/keycloak.js
View file

@ -154,7 +154,7 @@
return; return;
} else if (initOptions) { } else if (initOptions) {
if (initOptions.token || initOptions.refreshToken) { if (initOptions.token || initOptions.refreshToken) {
setToken(initOptions.token, initOptions.refreshToken, initOptions.idToken, false); setToken(initOptions.token, initOptions.refreshToken, initOptions.idToken);
kc.timeSkew = initOptions.timeSkew || 0; kc.timeSkew = initOptions.timeSkew || 0;
if (loginIframe.enable) { if (loginIframe.enable) {
@ -406,10 +406,10 @@
timeLocal = (timeLocal + new Date().getTime()) / 2; timeLocal = (timeLocal + new Date().getTime()) / 2;
var tokenResponse = JSON.parse(req.responseText); var tokenResponse = JSON.parse(req.responseText);
setToken(tokenResponse['access_token'], tokenResponse['refresh_token'], tokenResponse['id_token'], true);
kc.timeSkew = Math.floor(timeLocal / 1000) - kc.tokenParsed.iat; kc.timeSkew = Math.floor(timeLocal / 1000) - kc.tokenParsed.iat;
setToken(tokenResponse['access_token'], tokenResponse['refresh_token'], tokenResponse['id_token']);
kc.onAuthRefreshSuccess && kc.onAuthRefreshSuccess(); kc.onAuthRefreshSuccess && kc.onAuthRefreshSuccess();
for (var p = refreshQueue.pop(); p != null; p = refreshQueue.pop()) { for (var p = refreshQueue.pop(); p != null; p = refreshQueue.pop()) {
p.setSuccess(true); p.setSuccess(true);
@ -444,7 +444,7 @@
kc.clearToken = function() { kc.clearToken = function() {
if (kc.token) { if (kc.token) {
setToken(null, null, null, true); setToken(null, null, null);
kc.onAuthLogout && kc.onAuthLogout(); kc.onAuthLogout && kc.onAuthLogout();
if (kc.loginRequired) { if (kc.loginRequired) {
kc.login(); kc.login();
@ -525,7 +525,7 @@
function authSuccess(accessToken, refreshToken, idToken, fulfillPromise) { function authSuccess(accessToken, refreshToken, idToken, fulfillPromise) {
timeLocal = (timeLocal + new Date().getTime()) / 2; timeLocal = (timeLocal + new Date().getTime()) / 2;
setToken(accessToken, refreshToken, idToken, true); setToken(accessToken, refreshToken, idToken);
if ((kc.tokenParsed && kc.tokenParsed.nonce != oauth.storedNonce) || if ((kc.tokenParsed && kc.tokenParsed.nonce != oauth.storedNonce) ||
(kc.refreshTokenParsed && kc.refreshTokenParsed.nonce != oauth.storedNonce) || (kc.refreshTokenParsed && kc.refreshTokenParsed.nonce != oauth.storedNonce) ||
@ -609,7 +609,7 @@
return promise.promise; return promise.promise;
} }
function setToken(token, refreshToken, idToken, useTokenTime) { function setToken(token, refreshToken, idToken) {
if (kc.tokenTimeoutHandle) { if (kc.tokenTimeoutHandle) {
clearTimeout(kc.tokenTimeoutHandle); clearTimeout(kc.tokenTimeoutHandle);
kc.tokenTimeoutHandle = null; kc.tokenTimeoutHandle = null;
@ -629,9 +629,12 @@
kc.resourceAccess = kc.tokenParsed.resource_access; kc.resourceAccess = kc.tokenParsed.resource_access;
if (kc.onTokenExpired) { if (kc.onTokenExpired) {
var start = useTokenTime ? kc.tokenParsed.iat : (new Date().getTime() / 1000); var expiresIn = (kc.tokenParsed['exp'] - (new Date().getTime() / 1000) + kc.timeSkew) * 1000;
var expiresIn = kc.tokenParsed.exp - start; if (expiresIn <= 0) {
kc.tokenTimeoutHandle = setTimeout(kc.onTokenExpired, expiresIn * 1000); kc.onTokenExpired();
} else {
kc.tokenTimeoutHandle = setTimeout(kc.onTokenExpired, expiresIn);
}
} }
} else { } else {