mirror of
https://github.com/OMGeeky/yup-oauth2.git
synced 2026-01-01 17:10:10 +01:00
Was running into an issue where ID tokens were being used by the authenticator even after the 1-hour validity period, and weren't being refreshed. After enabling debug logs, I found out that this was happening because ID-token-only responses don't contain the `expires_in` field, so the authenticator assumes it doesn't expire. Interestingly, this doesn't happen when using the service account impersonation flow, because it's explicitly handled there by defaulting the expiration to 1 hour. The ID token is a JWT so it's possible to decode it to get the expiration date, but to avoid introducing a JWT decoding dependency, I've gone for the same approach of defaulting to 1 hour, as indicated in the GCP docs.
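The expiry handling described in the commit message above, as an added Rust example that is not yup-oauth2's own code. `TokenResponse`, `CachedToken`, `before_fix` and `after_fix` are hypothetical, simplified names, and the token string and timestamp are constructed placeholders.

```rust
use std::time::{Duration, SystemTime, UNIX_EPOCH};

/// Lifetime assumed when an ID-token-only response omits `expires_in` (1 hour).
const DEFAULT_ID_TOKEN_LIFETIME: Duration = Duration::from_secs(3600);

/// Hypothetical, simplified token response; not the crate's real type.
struct TokenResponse {
    id_token: Option<String>,
    expires_in: Option<u64>, // seconds; absent in ID-token-only responses
}

/// Hypothetical cache entry. `None` means "treated as never expiring".
struct CachedToken {
    expires_at: Option<SystemTime>,
}

impl CachedToken {
    /// Behaviour described as the bug: no `expires_in`, so no expiry at all.
    fn before_fix(r: &TokenResponse, now: SystemTime) -> Self {
        CachedToken { expires_at: r.expires_in.map(|s| now + Duration::from_secs(s)) }
    }

    /// Behaviour described as the fix: fall back to one hour for ID tokens.
    fn after_fix(r: &TokenResponse, now: SystemTime) -> Self {
        let lifetime = match (r.expires_in, &r.id_token) {
            (Some(secs), _) => Some(Duration::from_secs(secs)),
            (None, Some(_)) => Some(DEFAULT_ID_TOKEN_LIFETIME),
            (None, None) => None,
        };
        CachedToken { expires_at: lifetime.map(|d| now + d) }
    }

    /// The cache refreshes only when this returns true.
    fn is_expired(&self, now: SystemTime) -> bool {
        matches!(self.expires_at, Some(t) if t <= now)
    }
}

fn main() {
    let issued = UNIX_EPOCH + Duration::from_secs(1_700_000_000); // constructed timestamp
    let resp = TokenResponse { id_token: Some("constructed.id.token".into()), expires_in: None };
    let two_hours_later = issued + Duration::from_secs(7200);
    // Before: the stale ID token is still served. After: a refresh is triggered.
    println!("before: expired = {}", CachedToken::before_fix(&resp, issued).is_expired(two_hours_later));
    println!("after:  expired = {}", CachedToken::after_fix(&resp, issued).is_expired(two_hours_later));
}
```

The one-hour fallback can only be as accurate as the issue time recorded by the client; reading the `exp` claim from the JWT would give the issuer's own value at the cost of the decoding step the commit chose to avoid.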