Configuration per IdToken expiration

doorkeeper-gem · Jul 26, 2024 · ef734d4 · ef734d4
1 parent ab28ba3
commit ef734d4
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 6 deletions.
diff --git a/lib/doorkeeper/openid_connect/id_token.rb b/lib/doorkeeper/openid_connect/id_token.rb
@@ -7,19 +7,20 @@ class IdToken
 
       attr_reader :nonce
 
-      def initialize(access_token, nonce = nil)
+      def initialize(access_token, nonce = nil, expiration = nil)
         @access_token = access_token
         @nonce = nonce
         @resource_owner = Doorkeeper::OpenidConnect.configuration.resource_owner_from_access_token.call(access_token)
         @issued_at = Time.zone.now
+        @expiration = expiration || (@issued_at.utc + Doorkeeper::OpenidConnect.configuration.expiration).to_i
       end
 
       def claims
         {
           iss: issuer,
           sub: subject,
           aud: audience,
-          exp: expiration,
+          exp: @expiration,
           iat: issued_at,
           nonce: nonce,
           auth_time: auth_time
@@ -56,10 +57,6 @@ def audience
         @access_token.application.try(:uid)
       end
 
-      def expiration
-        (@issued_at.utc + Doorkeeper::OpenidConnect.configuration.expiration).to_i
-      end
-
       def issued_at
         @issued_at.utc.to_i
       end

diff --git a/spec/lib/id_token_spec.rb b/spec/lib/id_token_spec.rb
@@ -34,6 +34,16 @@
       )
     end
 
+    context 'when expiration is specified for the token' do
+      subject { described_class.new(access_token, nonce, expiration) }
+
+      let(:expiration) { 120 }
+
+      it 'returns expiration claim with the specified value' do
+        expect(subject.claims[:exp]).to eq(120)
+      end
+    end
+
     context 'when application is not set on the access token' do
       before do
         access_token.application = nil