fix OIDCRefreshAccessTokenBeforeExpiry when using `logout_on_error
see #1111; thanks @brandonk10; bump to 2.4.14.4rc0

Signed-off-by: Hans Zandbelt <[email protected]>
zandbelt committed Sep 14, 2023
1 parent 34fa5d7 commit 1cf0a98
Showing 3 changed files with 12 additions and 7 deletions.
4 changes: 4 additions & 0 deletions ChangeLog
@@ -1,3 +1,7 @@
09/14/2023
- fix `OIDCRefreshAccessTokenBeforeExpiry` when using `logout_on_error`; see #1111; thanks @brandonk10
- bump to 2.4.14.4rc0

09/05/2023
- release 2.4.14.3

2 changes: 1 addition & 1 deletion configure.ac
@@ -1,4 +1,4 @@
AC_INIT([mod_auth_openidc],[2.4.14.3],[[email protected]])
AC_INIT([mod_auth_openidc],[2.4.14.4rc0],[[email protected]])

AC_SUBST(NAMEVER, AC_PACKAGE_TARNAME()-AC_PACKAGE_VERSION())

13 changes: 7 additions & 6 deletions src/mod_auth_openidc.c
Expand Up @@ -1361,7 +1361,8 @@ static apr_byte_t oidc_session_pass_tokens(request_rec *r, oidc_cfg *cfg,
}

static apr_byte_t oidc_refresh_access_token_before_expiry(request_rec *r,
oidc_cfg *cfg, oidc_session_t *session, int ttl_minimum) {
oidc_cfg *cfg, oidc_session_t *session, int ttl_minimum,
apr_byte_t *needs_save) {

const char *s_access_token_expires = NULL;
apr_time_t t_expires = -1;
Expand All @@ -1370,7 +1371,7 @@ static apr_byte_t oidc_refresh_access_token_before_expiry(request_rec *r,
oidc_debug(r, "ttl_minimum=%d", ttl_minimum);

if (ttl_minimum < 0)
return FALSE;
return TRUE;

s_access_token_expires = oidc_session_get_access_token_expires(r, session);
if (s_access_token_expires == NULL) {
Expand All @@ -1397,7 +1398,7 @@ static apr_byte_t oidc_refresh_access_token_before_expiry(request_rec *r,
apr_time_sec(t_expires - apr_time_now()));

if (t_expires > apr_time_now())
return FALSE;
return TRUE;

if (oidc_get_provider_from_session(r, cfg, session, &provider) == FALSE)
return FALSE;
Expand All @@ -1408,6 +1409,8 @@ static apr_byte_t oidc_refresh_access_token_before_expiry(request_rec *r,
return FALSE;
}

*needs_save = TRUE;

return TRUE;
}

Expand Down Expand Up @@ -1679,7 +1682,7 @@ static int oidc_handle_existing_session(request_rec *r, oidc_cfg *cfg,

/* if needed, refresh the access token */
rv = oidc_refresh_access_token_before_expiry(r, cfg, session,
oidc_cfg_dir_refresh_access_token_before_expiry(r));
oidc_cfg_dir_refresh_access_token_before_expiry(r), needs_save);
if (rv == FALSE) {
if (oidc_cfg_dir_action_on_error_refresh(r) == OIDC_ON_ERROR_LOGOUT) {
*needs_save = FALSE;
Expand All @@ -1694,8 +1697,6 @@ static int oidc_handle_existing_session(request_rec *r, oidc_cfg *cfg,
}
}

*needs_save |= rv;

/* if needed, refresh claims from the user info endpoint */
rv = oidc_refresh_claims_from_userinfo_endpoint(r, cfg, session, needs_save);
if (rv == FALSE) {
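Review bot: `oidc_refresh_access_token_before_expiry` has no comment stating its new return contract, although after this change the return value alone sends `oidc_handle_existing_session` into the `OIDC_ON_ERROR_LOGOUT` branch. I would add above the signature `/* returns FALSE only when refreshing failed; TRUE when no refresh is needed or it succeeded; *needs_save is set only after a successful refresh */`. The exits between the hunks, starting with the `s_access_token_expires == NULL` branch, are not visible here; if any of them still returns FALSE for a session that simply has no expiry stored, that session would presumably take the error branch on every request, so they should be checked against the same contract. The function body starts and ends in different hunks and its middle lies outside the shown lines.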
