[keycloak-dev] JavaScript client adapter - minValidity
Bruno Oliveira
bruno at abstractj.org
Sat Apr 13 21:02:31 EDT 2019
Hi Sergio, could you please file a Jira with the steps to reproduce the
problem?
Also, feel free to attach the PR into the comments.
Thank you
On Sat, Apr 13, 2019, 7:19 AM Sergio Livi <me at serl.it> wrote:
> Hello,
> I've had a little issue while using the updateToken function[1]. In
> particular, I was accidentally passing a string not containing a number as
> minValidity.
>
> Totally my fault, but the result is that no error is thrown and everything
> seems to work, but the token will be never renewed.
> This is the end of the function isTokenExpired, called from updateToken:
>
> if (minValidity) {
> expiresIn -= minValidity;
> // expiresIn becomes NaN, as minValidity is not "cast-able" to a number
> }
> return expiresIn < 0; // NaN < 0 is false, so the token will be never
> refreshed
>
> I think there should be a check somewhere to either:
> - throw an error, or
> - display a warning on the console, ignore the buggy minValidity and carry
> on.
>
> If you wish, I could prepare a PR with a fix for this, just tell me which
> option you prefer.
>
> Thanks!
>
>
> [1] this one: <
>
> https://github.com/keycloak/keycloak/blob/e7deb77725a1c777902096e1880911c10f580d50/adapters/oidc/js/src/main/resources/keycloak.js#L439
> >
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list