Mxmilu666/frp - frp - Lolia Gitea

Mxmilu666/frp

Fork 1

mirror of https://github.com/fatedier/frp.git synced 2026-03-17 23:39:16 +08:00

Commit Graph

Author	SHA1	Message	Date
fatedier	ff4ad2f907	auth/oidc: fix eager token fetch at startup, add validation and e2e tests (#5234 )	2026-03-15 22:29:45 +08:00
Shani Pathak	94a631fe9c	auth/oidc: cache OIDC access token and refresh before expiry (#5175 ) * auth/oidc: cache OIDC access token and refresh before expiry - Use Config.TokenSource(ctx) once at init to create a persistent oauth2.TokenSource that caches the token and only refreshes on expiry - Wrap with oauth2.ReuseTokenSourceWithExpiry for configurable early refresh - Add tokenRefreshAdvanceDuration config option (default: 300s) - Add unit test verifying token caching with mock HTTP server * address review comments * auth/oidc: fallback to per-request token fetch when expires_in is missing When an OIDC provider omits the expires_in field, oauth2.ReuseTokenSource treats the cached token as valid forever and never refreshes it. This causes server-side OIDC verification to fail once the JWT's exp claim passes. Add a nonCachingTokenSource fallback: after fetching the initial token, if its Expiry is the zero value, swap the caching TokenSource for one that fetches a fresh token on every request, preserving the old behavior for providers that don't return expires_in. * auth/oidc: fix gosec lint and add test for zero-expiry fallback Suppress G101 false positive on test-only dummy token responses. Add test to verify per-request token fetch when expires_in is missing. Update caching test to account for eager initial token fetch. * fix lint	2026-03-12 00:24:46 +08:00
RobKenis	2466e65f43	support multiple subjects in oidc ping (#4475 ) Resolves: #4466	2024-10-12 18:52:47 +08:00

Author

SHA1

Message

Date

fatedier

ff4ad2f907

auth/oidc: fix eager token fetch at startup, add validation and e2e tests (#5234 )

2026-03-15 22:29:45 +08:00

Shani Pathak

94a631fe9c

auth/oidc: cache OIDC access token and refresh before expiry (#5175 )

* auth/oidc: cache OIDC access token and refresh before expiry

- Use Config.TokenSource(ctx) once at init to create a persistent
  oauth2.TokenSource that caches the token and only refreshes on expiry
- Wrap with oauth2.ReuseTokenSourceWithExpiry for configurable early refresh
- Add tokenRefreshAdvanceDuration config option (default: 300s)
- Add unit test verifying token caching with mock HTTP server

* address review comments

* auth/oidc: fallback to per-request token fetch when expires_in is missing

When an OIDC provider omits the expires_in field, oauth2.ReuseTokenSource
treats the cached token as valid forever and never refreshes it. This causes
server-side OIDC verification to fail once the JWT's exp claim passes.

Add a nonCachingTokenSource fallback: after fetching the initial token, if
its Expiry is the zero value, swap the caching TokenSource for one that
fetches a fresh token on every request, preserving the old behavior for
providers that don't return expires_in.

* auth/oidc: fix gosec lint and add test for zero-expiry fallback

Suppress G101 false positive on test-only dummy token responses.
Add test to verify per-request token fetch when expires_in is missing.
Update caching test to account for eager initial token fetch.

* fix lint

2026-03-12 00:24:46 +08:00

RobKenis

2466e65f43

support multiple subjects in oidc ping (#4475 )

Resolves: #4466

2024-10-12 18:52:47 +08:00

3 Commits