From 98fb4be58f8d2445c158e14478ef895bb2325ec5 Mon Sep 17 00:00:00 2001
From: Matt Moyer
Date: Tue, 25 May 2021 16:48:28 -0500
Subject: [PATCH] Change access token storage TTL to match refresh.

This is a partial cherry-pick of 5240f5e84ad3a984d3331adab3a6383ae09b7450. The token expirations are unchanged, but the garbage collection lifetime is now matched to avoid garbage collection breaking the refresh flow. This is a backport to fix https://github.com/vmware-tanzu/pinniped/issues/601 on the v0.4.x release line.

Signed-off-by: Matt Moyer
---
 internal/oidc/oidc.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/internal/oidc/oidc.go b/internal/oidc/oidc.go
index e8824f0b..0fe95910 100644
--- a/internal/oidc/oidc.go
+++ b/internal/oidc/oidc.go
@@ -1,4 +1,4 @@
-// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0

 // Package oidc contains common OIDC functionality needed by Pinniped.
@@ -199,7 +199,7 @@ func DefaultOIDCTimeoutsConfiguration() TimeoutsConfiguration {
 AuthorizationCodeSessionStorageLifetime: authorizationCodeLifespan + refreshTokenLifespan,
 PKCESessionStorageLifetime: authorizationCodeLifespan + (1 * time.Minute),
 OIDCSessionStorageLifetime: authorizationCodeLifespan + (1 * time.Minute),
- AccessTokenSessionStorageLifetime: accessTokenLifespan + (1 * time.Minute),
+ AccessTokenSessionStorageLifetime: refreshTokenLifespan + accessTokenLifespan,
 RefreshTokenSessionStorageLifetime: refreshTokenLifespan + accessTokenLifespan,
 }
 }
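Review bot: The new `AccessTokenSessionStorageLifetime: refreshTokenLifespan + accessTokenLifespan` line in the second hunk has no comment saying why access-token session storage must now outlive the access token itself, so a later cleanup could shorten it again and reintroduce the refresh failure the commit message describes. I would add above it `// Storage TTL only, not token expiry: this record must not be garbage collected before the refresh token session, or the refresh flow breaks.` — the wording is taken from the commit message rather than from visible code, so confirm it against the refresh handler. The diffstat shows only oidc.go changed; a small test asserting `AccessTokenSessionStorageLifetime >= RefreshTokenSessionStorageLifetime` on the default configuration would pin the invariant. The start of DefaultOIDCTimeoutsConfiguration lies outside the hunk.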