Skip to content

feat(auth): replace expires_in with expires_at for token expiry #199

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
aaryan359 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat(auth): replace expires_in with expires_at for token expiry #199

aaryan359 wants to merge 1 commit into from
+98 −11

Conversation

@aaryan359
Copy link

@aaryan359 aaryan359 commented Feb 10, 2026

Description

As discussed in this fossology/LicenseDb-UI#26, I updated the expire_in logic to expire_at, and also created a PR in the frontend fossology/LicenseDb-UI#54

Changes

  • Added backend-generated expires_at field for access tokens
  • Removed reliance on client-side expiry calculation using expires_in
  • Ensured token expiry is authoritative and latency-safe

Submitter Checklist

  • Includes tests
  • [x ] Includes docs
  • I have tested my changes locally.

References

N/A

@aaryan359
Copy link
Author

aaryan359 commented Feb 10, 2026

@deo002 Please check this? Does it looks good?

deo002
deo002 requested changes Feb 11, 2026
View reviewed changes
Copy link
Collaborator

@deo002 deo002 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your contributions! Some changes are required.

pkg/auth/auth.go
}

expiresInSeconds := int64(accessTokenLifespan * 3600)
expiresAt := now.Add(time.Second * time.Duration(expiresInSeconds))
Copy link
Collaborator

@deo002 deo002 Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please use the same value here that is used for the creation of the access token at line 1093

tests/auth_test.go
t.Fatalf("invalid expires_at format: %v", err)
}

min := before.Add(59 * time.Minute)
Copy link
Collaborator

@deo002 deo002 Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't this configurable in the .env.test.example file and the test would fail if I change it? Also, let's not check it this way. We have a field called iat in the token. We can get the exact expiry date by adding the lifespan set in the .env file to the issued_at attribute.

tests/auth_test.go
}

// Expect ~1 hour validity again
min := before.Add(59 * time.Minute)
Copy link
Collaborator

@deo002 deo002 Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@deo002 deo002 deo002 requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@aaryan359 @deo002