diff options
author | jboeuf <jboeuf@users.noreply.github.com> | 2017-07-14 16:56:03 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-07-14 16:56:03 -0700 |
commit | 29d472303dcef30bfbd3989b9fd0f4baf40aa96c (patch) | |
tree | aaa9803861a73d9af2c66dbda580d47dff762414 /src | |
parent | ac51c2aa9b6d5cef7f3b4a498c7ae8a3d60960ad (diff) | |
parent | da8eca56e20fcd18fb1e138bc575d07cc49d8f2c (diff) |
Merge pull request #10827 from jboeuf/max_token_lifetime_cpp
Better handling of token lifetime.
Diffstat (limited to 'src')
-rw-r--r-- | src/core/lib/security/credentials/jwt/jwt_credentials.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/core/lib/security/credentials/jwt/jwt_credentials.c b/src/core/lib/security/credentials/jwt/jwt_credentials.c index 589a6f9407..4357657def 100644 --- a/src/core/lib/security/credentials/jwt/jwt_credentials.c +++ b/src/core/lib/security/credentials/jwt/jwt_credentials.c @@ -125,6 +125,13 @@ grpc_service_account_jwt_access_credentials_create_from_auth_json_key( gpr_ref_init(&c->base.refcount, 1); c->base.vtable = &jwt_vtable; c->key = key; + gpr_timespec max_token_lifetime = grpc_max_auth_token_lifetime(); + if (gpr_time_cmp(token_lifetime, max_token_lifetime) > 0) { + gpr_log(GPR_INFO, + "Cropping token lifetime to maximum allowed value (%d secs).", + (int)max_token_lifetime.tv_sec); + token_lifetime = grpc_max_auth_token_lifetime(); + } c->jwt_lifetime = token_lifetime; gpr_mu_init(&c->cache_mu); jwt_reset_cache(exec_ctx, c); |