Closed as not planned
Closed as not planned
Description
For some token endpoints out there, if the access token response doesn't contain the expires_in
field, while unmarshaling this response body, it assigns a default or zero time 0001-01-01 00:00:00 +0000
as the expiry.
This causes the access token to be valid in the below func expired()
even if it's expired. Ideally, the zero time is before the current time; should it invalidate this? Should the below code return true
when if t.Expiry.IsZero()
?
[email protected]/token.go
// timeNow is time.Now but pulled out as a variable for tests.
var timeNow = time.Now
// expired reports whether the token is expired.
// t must be non-nil.
func (t *Token) expired() bool {
if t.Expiry.IsZero() {
return false
}
expiryDelta := defaultExpiryDelta
if t.expiryDelta != 0 {
expiryDelta = t.expiryDelta
}
return t.Expiry.Round(0).Add(-expiryDelta).Before(timeNow())
}
// Valid reports whether t is non-nil, has an AccessToken, and is not expired.
func (t *Token) Valid() bool {
return t != nil && t.AccessToken != "" && !t.expired()
}
Metadata
Metadata
Assignees
Labels
No labels