fix: check expires_at when get grant public key

randomowo · randomowo · commit e0f1a23812d5 · 2025-10-23T11:21:40.000+03:00
diff --git a/persistence/sql/persister_grant_jwk.go b/persistence/sql/persister_grant_jwk.go
@@ -137,7 +137,12 @@ func (p *Persister) GetPublicKey(ctx context.Context, issuer string, subject str
 		tableName += "@hydra_oauth2_trusted_jwt_bearer_issuer_nid_uq_idx"
 	}
 
-	sql := fmt.Sprintf(`SELECT key_set FROM %s WHERE key_id = ? AND nid = ? AND issuer = ? AND (subject = ? OR allow_any_subject IS TRUE) LIMIT 1`, tableName)
+	expiresAt := "expires_at > NOW()"
+	if p.Connection(ctx).Dialect.Name() == "sqlite3" {
+		expiresAt = "expires_at > datetime('now')"
+	}
+
+	sql := fmt.Sprintf(`SELECT key_set FROM %s WHERE key_id = ? AND nid = ? AND issuer = ? AND (subject = ? OR allow_any_subject IS TRUE) AND %s LIMIT 1`, tableName, expiresAt)
 	query := p.Connection(ctx).RawQuery(sql,
 		keyId, p.NetworkID(ctx), issuer, subject,
 	)

Original file line number	Diff line number	Diff line change
`@@ -137,7 +137,12 @@ func (p *Persister) GetPublicKey(ctx context.Context, issuer string, subject str`
`137`	`137`	`tableName += "@hydra_oauth2_trusted_jwt_bearer_issuer_nid_uq_idx"`
`138`	`138`	`}`
`139`	`139`
`140`		- sql := fmt.Sprintf(`SELECT key_set FROM %s WHERE key_id = ? AND nid = ? AND issuer = ? AND (subject = ? OR allow_any_subject IS TRUE) LIMIT 1`, tableName)
	`140`	`+ expiresAt := "expires_at > NOW()"`
	`141`	`+ if p.Connection(ctx).Dialect.Name() == "sqlite3" {`
	`142`	`+ expiresAt = "expires_at > datetime('now')"`
	`143`	`+ }`
	`144`	`+`
	`145`	+ sql := fmt.Sprintf(`SELECT key_set FROM %s WHERE key_id = ? AND nid = ? AND issuer = ? AND (subject = ? OR allow_any_subject IS TRUE) AND %s LIMIT 1`, tableName, expiresAt)
`141`	`146`	`query := p.Connection(ctx).RawQuery(sql,`
`142`	`147`	`keyId, p.NetworkID(ctx), issuer, subject,`
`143`	`148`	`)`