diff options
| author |  Julien Boeuf <jboeuf@google.com> | 2017-04-24 13:55:46 -0700 |
|---|---|---|
| committer | Julien Boeuf <jboeuf@google.com> | 2017-07-13 21:58:01 -0700 |
| commit | da8eca56e20fcd18fb1e138bc575d07cc49d8f2c (patch) | |
| tree | 5b6e8cc2822cb17ad81498efac4008782606aac8 /src | |
| parent | e48bff9ba03bfa76eba5f1e63949f89a60f32a77 (diff) | |
Better handling of token lifetime.
- In C++, we need a constant for the max lifetime.
- In C, make sure that we crop the lifetime in the credentials object
itself and not just later during the creation of the token. This will
allow the refresh to occur based on the actual token lifetime as opposed
to the one from the user (which may be cropped).
Diffstat (limited to 'src')
| -rw-r--r-- | src/core/lib/security/credentials/jwt/jwt_credentials.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/core/lib/security/credentials/jwt/jwt_credentials.c b/src/core/lib/security/credentials/jwt/jwt_credentials.c index 589a6f9407..4357657def 100644 --- a/src/core/lib/security/credentials/jwt/jwt_credentials.c +++ b/src/core/lib/security/credentials/jwt/jwt_credentials.c @@ -125,6 +125,13 @@ grpc_service_account_jwt_access_credentials_create_from_auth_json_key( gpr_ref_init(&c->base.refcount, 1); c->base.vtable = &jwt_vtable; c->key = key; + gpr_timespec max_token_lifetime = grpc_max_auth_token_lifetime(); + if (gpr_time_cmp(token_lifetime, max_token_lifetime) > 0) { + gpr_log(GPR_INFO, + "Cropping token lifetime to maximum allowed value (%d secs).", + (int)max_token_lifetime.tv_sec); + token_lifetime = grpc_max_auth_token_lifetime(); + } c->jwt_lifetime = token_lifetime; gpr_mu_init(&c->cache_mu); jwt_reset_cache(exec_ctx, c); |