Adding a test case to check that the expiration time is set on logout tokens

Closes #25753

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
(cherry picked from commit 9e890264df)
Alexander Schwartz
2023-12-22 12:36:48 +01:00
committed by Alexander Schwartz
parent 0c660af047
commit efd53f1d5d
2 changed files with 25 additions and 1 deletions
@@ -329,6 +329,8 @@ public class DefaultTokenManager implements TokenManager {
LogoutToken token = new LogoutToken();
token.id(KeycloakModelUtils.generateId());
token.issuedNow();
// From the spec "OpenID Connect Back-Channel Logout 1.0 incorporating errata set 1" at https://openid.net/specs/openid-connect-backchannel-1_0.html
// "OPs are encouraged to use short expiration times in Logout Tokens, preferably at most two minutes in the future [...]"
token.exp(Time.currentTime() + Duration.ofMinutes(2).getSeconds());
token.issuer(clientSession.getNote(OIDCLoginProtocol.ISSUER));
token.putEvents(TokenUtil.TOKEN_BACKCHANNEL_LOGOUT_EVENT, JsonSerialization.createObjectNode());
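Review bot: The two-minute lifetime on the token.exp(...) line is an inline literal. Pull Duration.ofMinutes(2) into a named constant so that the test case mentioned in the commit message can assert against the same value rather than repeating it. The quoted spec text says "at most two minutes", so this picks the upper bound of the recommendation, and the comment should say that this is deliberate. Also note that token.issuedNow() and Time.currentTime() are two separate calls. If each reads the clock on its own, exp minus iat is not guaranteed to be exactly 120 seconds, so either take the timestamp once and derive both claims from it, or have the test allow a small tolerance.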