jwt: allow setting a custom expiry time for JWT tokens

The current implementation of JWS/JWT in this package uses a fixed 1 hour expiry time for JWT tokens. Some services do not accept such a long expiry time, e.g. Salesforce, which defaults to a 5 minute expiry. https://help.salesforce.com/HTViewHelpDoc?id=remoteaccess_oauth_jwt_flow.htm This change adds an Expires time.Duration property to the jwt.Config struct that, if set, will be used to calculate the jws.ClaimSet Exp property. It allows a custom expiry to be set on a JWT token. This change is backward compatible and will revert to previous behaviour if the Expires property is not set. Fixes golang/oauth2#151 Change-Id: I3159ac2a5711ef10389d83c0e290bfc7a9f54015 Reviewed-on: https://go-review.googlesource.com/14681 Reviewed-by: Burcu Dogan <jbd@google.com>
2015-09-16 16:33:09 +00:00
parent 9ecad5029b
commit d5ff5ab876
2 changed files with 18 additions and 13 deletions
--- a/jwt/jwt.go
+++ b/jwt/jwt.go
@@ -54,6 +54,9 @@ type Config struct {

 	// TokenURL is the endpoint required to complete the 2-legged JWT flow.
 	TokenURL string
+
+	// Expires optionally specifies how long the token is valid for.
+	Expires time.Duration
 }

 // TokenSource returns a JWT TokenSource using the configuration
@@ -95,6 +98,9 @@ func (js jwtSource) Token() (*oauth2.Token, error) {
 		// to be compatible with legacy OAuth 2.0 providers.
 		claimSet.Prn = subject
 	}
+	if t := js.conf.Expires; t > 0 {
+		claimSet.Exp = time.Now().Add(t).Unix()
+	}
 	payload, err := jws.Encode(defaultHeader, claimSet, pk)
 	if err != nil {
 		return nil, err