
OAuth2AuthorizationCodeAuthenticationProvider should check if the code has expired #290


Closed
AlekseyMishanin opened this issue May 11, 2021 · 1 comment

@AlekseyMishanin

Hi guys! Glad to see you all.
When a client exchanges an authorization code for an access token, we forget to check the expiration date of the authorization code. Perhaps you can replace

```java
if (authorizationCode.isInvalidated()) {
    throw new OAuth2AuthenticationException(new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT));
}
```

like this:

```java
if (authorizationCode.isInvalidated() || authorizationCode.isExpired()) {
    throw new OAuth2AuthenticationException(new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT));
}
```

@AlekseyMishanin AlekseyMishanin added the type: bug A general bug label May 11, 2021
@jgrandja jgrandja changed the title from "OAuth2AuthorizationCodeAuthenticationProvider should check if the authorization code has expired." to "OAuth2AuthorizationCodeAuthenticationProvider should check if the code has expired" May 20, 2021
@jgrandja jgrandja added this to the 0.1.2 milestone May 20, 2021
@jgrandja
Collaborator

jgrandja commented May 20, 2021

Thank you for reporting this @AlekseyMishanin. This is a bug and should be `!authorizationCode.isActive()`.

sjohnr pushed a commit that referenced this issue May 20, 2021
sjohnr pushed a commit that referenced this issue May 20, 2021
sjohnr pushed a commit that referenced this issue May 20, 2021
doba16 pushed a commit to doba16/spring-authorization-server that referenced this issue Apr 21, 2023
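
The check discussed in this issue, shown as an added example that is not part of the original thread and is not Spring Authorization Server code. `StoredCode`, `exchangeBefore`, `exchangeAfter`, the timestamps and the five-minute lifetime are hypothetical, and "active" is assumed here to mean neither invalidated nor expired.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.ZoneOffset;

public class AuthorizationCodeExpiryDemo {

    // Hypothetical stand-in for a stored authorization code (not the library's type).
    static final class StoredCode {
        final Instant expiresAt;
        boolean invalidated;

        StoredCode(Instant expiresAt) { this.expiresAt = expiresAt; }

        // Expired once the current time reaches expiresAt.
        boolean isExpired(Clock clock) { return !clock.instant().isBefore(expiresAt); }

        // Assumption: active means neither invalidated nor expired.
        boolean isActive(Clock clock) { return !invalidated && !isExpired(clock); }
    }

    // Behaviour reported in the issue: only the invalidated flag is checked.
    static String exchangeBefore(StoredCode code) {
        if (code.invalidated) return "invalid_grant";
        code.invalidated = true; // a code is single use
        return "access_token_issued";
    }

    // Behaviour after the fix: reject any code that is not active.
    static String exchangeAfter(StoredCode code, Clock clock) {
        if (!code.isActive(clock)) return "invalid_grant";
        code.invalidated = true; // a code is single use
        return "access_token_issued";
    }

    public static void main(String[] args) {
        Instant issuedAt = Instant.parse("2021-05-11T10:00:00Z"); // constructed sample time
        Instant expiresAt = issuedAt.plus(Duration.ofMinutes(5)); // constructed lifetime
        Clock onTime = Clock.fixed(issuedAt.plusSeconds(30), ZoneOffset.UTC);
        Clock oneHourLate = Clock.fixed(issuedAt.plus(Duration.ofHours(1)), ZoneOffset.UTC);

        System.out.println("before fix, expired code: " + exchangeBefore(new StoredCode(expiresAt)));
        System.out.println("after fix, expired code:  " + exchangeAfter(new StoredCode(expiresAt), oneHourLate));
        StoredCode fresh = new StoredCode(expiresAt);
        System.out.println("after fix, fresh code:    " + exchangeAfter(fresh, onTime));
        System.out.println("after fix, replayed code: " + exchangeAfter(fresh, onTime));
    }
}
```

Passing a fixed `Clock` makes the expiry branch testable without waiting for a real code to age out.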