fix(manager): requestTimeout and parser

ndyakov · ndyakov · commit 76cefccfdfc1 · 2025-04-28T15:13:44.000+03:00
Set default requestTimeout to 30 seconds
diff --git a/manager/defaults.go b/manager/defaults.go
@@ -13,6 +13,7 @@ import (
 )
 
 const (
+	DefaultRequestTimeout                = 30 * time.Second
 	DefaultExpirationRefreshRatio        = 0.7
 	DefaultRetryOptionsMaxAttempts       = 3
 	DefaultRetryOptionsBackoffMultiplier = 2.0
@@ -85,6 +86,9 @@ func defaultTokenManagerOptionsOr(options TokenManagerOptions) TokenManagerOptio
 	if options.ExpirationRefreshRatio == 0 {
 		options.ExpirationRefreshRatio = DefaultExpirationRefreshRatio
 	}
+	if options.RequestTimeout == 0 {
+		options.RequestTimeout = DefaultRequestTimeout
+	}
 	return options
 }
 
@@ -108,16 +112,31 @@ func (*defaultIdentityProviderResponseParser) ParseResponse(response shared.Iden
 		if err != nil {
 			return nil, fmt.Errorf("failed to get auth result: %w", err)
 		}
-		if authResult.ExpiresOn.IsZero() {
-			return nil, fmt.Errorf("auth result expiration time is not set")
+
+		claims := struct {
+			jwt.RegisteredClaims
+			Oid string `json:"oid,omitempty"`
+		}{}
+
+		// Parse the token to extract claims, but note that signature verification
+		// should be handled by the identity provider
+		_, _, err = jwt.NewParser().ParseUnverified(authResult.AccessToken, &claims)
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse JWT token: %w", err)
 		}
-		if authResult.IDToken.Oid == "" {
+
+		if claims.Oid == "" {
 			return nil, fmt.Errorf("auth result OID is empty")
 		}
-		rawToken = authResult.IDToken.RawToken
-		username = authResult.IDToken.Oid
+
+		if claims.ExpiresAt.IsZero() {
+			return nil, fmt.Errorf("auth result expiration time is not set")
+		}
+
+		rawToken = authResult.AccessToken
+		username = claims.Oid
 		password = rawToken
-		expiresOn = authResult.ExpiresOn.UTC()
+		expiresOn = claims.ExpiresAt.UTC()
 
 	case shared.ResponseTypeRawToken, shared.ResponseTypeAccessToken:
 		var tokenStr string
diff --git a/manager/token_manager.go b/manager/token_manager.go
@@ -44,6 +44,8 @@ type TokenManagerOptions struct {
 	RetryOptions RetryOptions
 
 	// RequestTimeout is the timeout for the request to the identity provider.
+	//
+	// default: 30 seconds
 	RequestTimeout time.Duration
 }
 

Original file line number	Diff line number	Diff line change
`@@ -44,6 +44,8 @@ type TokenManagerOptions struct {`
`44`	`44`	`RetryOptions RetryOptions`
`45`	`45`
`46`	`46`	`// RequestTimeout is the timeout for the request to the identity provider.`
	`47`	`+ //`
	`48`	`+ // default: 30 seconds`
`47`	`49`	`RequestTimeout time.Duration`
`48`	`50`	`}`
`49`	`51`