idp: Use 900 seconds as minimum expiry without returning an error (#3022)

Do not bother the user with an error if the IDP expiry is less than
900 seconds, since the S3 spec sets a minimum of 900 seconds for STS
expiration, use that minimum duration instead of returning an error

Co-authored-by: Anis Elleuch <anis@min.io>
Co-authored-by: Alex <33497058+bexsoft@users.noreply.github.com>
Anis Eleuch
2023-09-02 15:50:45 +01:00
committed by GitHub
parent 467b6b9bcb
commit 50d6a39312


@@ -341,6 +341,12 @@ func (client *Provider) VerifyIdentity(ctx context.Context, code, state, roleARN
expiration = exp
}
// Minimum duration in S3 spec is 15 minutes, do not bother returning
// an error to the user and force the minimum duration instead
if expiration < 900*time.Second {
expiration = 900 * time.Second
}
idToken := oauth2Token.Extra("id_token")
if idToken == nil {
return nil, errors.New("missing id_token")
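Review bot: The new clamp `if expiration < 900*time.Second` raises the session lifetime silently, so the STS credentials can now outlive the expiry the IDP asked for, and nothing in the code records that this happened. I would log the requested and the forced value at this point so an operator can see when a shorter IDP expiry was overridden, and say in the comment that the resulting credentials may last longer than the IDP's own expiry. The condition also matches zero and negative durations; if `exp` can ever be non-positive at this point, that case turns into a 15-minute session instead of a failure, so consider rejecting `expiration <= 0` before applying the minimum. Minor: 900 appears twice as a literal, a named constant for the minimum STS duration would keep the check and the assignment in sync.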