Closed pghole closed 4 months ago
I have tried to fix the issue by adding a 60s timedelta in the is_expired function.
Check PR #634.
Thanks
This issue was fixed in #634, but since that PR is not linked to this issue, it was not closed automatically.
@pghole Can you close it?
Describe the bug
I am using the OAuth2Session object.
Here, the library behavior is that the token gets automatically refreshed if it has expired. Refer to https://github.com/lepture/authlib/blob/master/authlib/oauth2/client.py#L257
However, the function which checks the token expiry, https://github.com/lepture/authlib/blob/master/authlib/oauth2/rfc6749/wrappers.py#L13, simply compares the expiry time with the current time. Because of this we are missing some corner cases, where the token is about to expire in a few milliseconds/seconds, and when the API call to the protected URL is made, it gives an authentication error.
Error Stacks
JWT expired at 2023-06-20T13:16:42Z. Current time: 2023-06-20T13:16:42Z, a difference of 105 milliseconds. Allowed clock skew: 0 milliseconds."
To Reproduce
A minimal example to reproduce the behavior:
Exact replication is not possible here, as the request is failing by a few milliseconds.
A clear and concise description of what you expected to happen.
Even if the token has expired by a few milliseconds, the library should be able to handle such cases by obtaining a new token. Instead of https://github.com/lepture/authlib/blob/master/authlib/oauth2/rfc6749/wrappers.py#L17, we should be adding a small timedelta. For example, even if the token is going to expire in the next 60 seconds, still refresh it.
Environment:
Additional context
There should be some timedelta introduced in the function, so that we can avoid facing issues where API requests fail by a few milliseconds. Here, we can add logic to show that the token has expired, let's say, 30-60 seconds prior to its actual expiry.
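An added illustration of the race described in this issue; it is not part of the original report and not Authlib's code. The function names, the token dict layout, the 50 ms check offset and the 155 ms latency are assumptions chosen so the request arrives 105 ms after expiry, matching the error message above.

```python
import time

LEEWAY_SECONDS = 60  # assumed margin, the value proposed in the issue


def is_expired(token, now=None, leeway=0):
    """Return True/False, or None when the token carries no expiry.

    leeway=0 is the strict comparison described in the issue; a positive
    leeway reports the token as expired that many seconds early.
    """
    expires_at = token.get("expires_at")
    if expires_at is None:
        return None
    now = time.time() if now is None else now
    return expires_at - leeway < now


def ensure_active(token, refresh, now=None, leeway=LEEWAY_SECONDS):
    """Return a usable token, calling refresh(token) if it is (nearly) expired."""
    if is_expired(token, now=now, leeway=leeway):
        return refresh(token)
    return token


def server_accepts(token, arrival_time, clock_skew=0):
    """Resource-server side check with the zero clock skew from the error above."""
    return arrival_time <= token["expires_at"] + clock_skew


def simulate(leeway, latency=0.155):
    """Client checks 50 ms before expiry; the request lands `latency` later."""
    token = {"access_token": "constructed-old", "expires_at": 1_000_000.0}
    check_time = token["expires_at"] - 0.050

    def refresh(old):  # hypothetical refresh callback, no network involved
        return {"access_token": "constructed-new", "expires_at": check_time + 3600}

    sent = ensure_active(token, refresh, now=check_time, leeway=leeway)
    return sent["access_token"], server_accepts(sent, check_time + latency)


if __name__ == "__main__":
    print("strict:", simulate(leeway=0))
    print("leeway:", simulate(leeway=LEEWAY_SECONDS))
```

The margin has to stay well below the token lifetime; otherwise every call is treated as expired and triggers a refresh.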