Change access token storage TTL to match refresh.

This is a partial cherry-pick of 5240f5e84a. The token expirations are unchanged, but the garbage collection lifetime is now matched to avoid garbage collection breaking the refresh flow. This is a backport to fix https://github.com/vmware-tanzu/pinniped/issues/601 on the v0.4.x release line. Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-25 16:48:28 -05:00 · 2021-05-25 16:48:28 -05:00 · 98fb4be58f
commit 98fb4be58f
parent d0ec582334
1 changed files with 2 additions and 2 deletions
--- a/internal/oidc/oidc.go
+++ b/internal/oidc/oidc.go
@ -1,4 +1,4 @@
-// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 // Package oidc contains common OIDC functionality needed by Pinniped.
@ -199,7 +199,7 @@ func DefaultOIDCTimeoutsConfiguration() TimeoutsConfiguration {
 		AuthorizationCodeSessionStorageLifetime: authorizationCodeLifespan + refreshTokenLifespan,
 		PKCESessionStorageLifetime:              authorizationCodeLifespan + (1 * time.Minute),
 		OIDCSessionStorageLifetime:              authorizationCodeLifespan + (1 * time.Minute),
-		AccessTokenSessionStorageLifetime:       accessTokenLifespan + (1 * time.Minute),
+		AccessTokenSessionStorageLifetime:       refreshTokenLifespan + accessTokenLifespan,
 		RefreshTokenSessionStorageLifetime:      refreshTokenLifespan + accessTokenLifespan,
 	}
 }