Fixes #1318 by multiplying decreaseExpirationBySec with 1000. Also fixes returning true for calling hasValidAccessToken on tokens which are already expired

manfredsteyer / angular-oauth2-oidc

Support for OAuth 2 and OpenId Connect (OIDC) in Angular.

MIT License

1.86k stars 681 forks source link

Fixes #1318 by multiplying decreaseExpirationBySec with 1000. Also fixes returning true for calling hasValidAccessToken on tokens which are already expired #1374

Open IchbinkeinReh opened 7 months ago

IchbinkeinReh commented 7 months ago

In the "expires_at" is set and its calculated with local clock (see https://github.com/manfredsteyer/angular-oauth2-oidc/blob/15.0.0/projects/lib/src/oauth-service.ts#L1698 ). Therefore there is no need to appy clockSkewInMsec in hasValidAccessToken

IchbinkeinReh commented 7 months ago

@manfredsteyer or @jeroenheijmans Could you please have a look at this PR, because i think the part with the "expires_at" is rather critical

jeroenheijmans commented 7 months ago

Heya! FYI: I'm no longer very active as a maintainer or community moderator (see #1280), so I will likely not be investigating or reviewing. But thanks for submitting a fix to this Open Source project, hopefully Manfred or another contributor can find time to help out!

IchbinkeinReh commented 5 months ago

@manfredsteyer sry for bumping, but i think this is a big issue and should be fixed asap

bkrajendra commented 1 month ago

Need to be merged.