[keycloak-dev] JavaScript client adapter - minValidity

Sergio Livi me at serl.it
Sat Apr 13 06:18:45 EDT 2019


Hello,
I've had a little issue while using the updateToken function[1]. In
particular, I was accidentally passing a string not containing a number as
minValidity.

Totally my fault, but the result is that no error is thrown and everything
seems to work, but the token will be never renewed.
This is the end of the function isTokenExpired, called from updateToken:

if (minValidity) {
    expiresIn -= minValidity;
    // expiresIn becomes NaN, as minValidity is not "cast-able" to a number
}
return expiresIn < 0; // NaN < 0 is false, so the token will be never
refreshed

I think there should be a check somewhere to either:
- throw an error, or
- display a warning on the console, ignore the buggy minValidity and carry
on.

If you wish, I could prepare a PR with a fix for this, just tell me which
option you prefer.

Thanks!


[1] this one: <
https://github.com/keycloak/keycloak/blob/e7deb77725a1c777902096e1880911c10f580d50/adapters/oidc/js/src/main/resources/keycloak.js#L439
>


More information about the keycloak-dev mailing list