Configuration per IdToken expiration

doorkeeper-gem · Jul 26, 2024 · 5e2d406 · 5e2d406
1 parent ab28ba3
commit 5e2d406
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/lib/doorkeeper/openid_connect/id_token.rb b/lib/doorkeeper/openid_connect/id_token.rb
@@ -7,11 +7,12 @@ class IdToken
 
       attr_reader :nonce
 
-      def initialize(access_token, nonce = nil)
+      def initialize(access_token, nonce = nil, expires_in = Doorkeeper::OpenidConnect.configuration.expiration)
         @access_token = access_token
         @nonce = nonce
         @resource_owner = Doorkeeper::OpenidConnect.configuration.resource_owner_from_access_token.call(access_token)
         @issued_at = Time.zone.now
+        @expires_in = expires_in
       end
 
       def claims
@@ -57,7 +58,7 @@ def audience
       end
 
       def expiration
-        (@issued_at.utc + Doorkeeper::OpenidConnect.configuration.expiration).to_i
+        (@issued_at.utc + @expires_in).to_i
       end
 
       def issued_at

diff --git a/spec/lib/id_token_spec.rb b/spec/lib/id_token_spec.rb
@@ -34,6 +34,16 @@
       )
     end
 
+    context 'when expires_in is specified for the token' do
+      subject { described_class.new(access_token, nonce, expires_in) }
+
+      let(:expires_in) { 10 }
+
+      it 'returns expiration claim with the specified value' do
+        expect(subject.claims[:exp]).to eq(subject.claims[:iat] + expires_in)
+      end
+    end
+
     context 'when application is not set on the access token' do
       before do
         access_token.application = nil