
Commit 7c8dc99

authored
Allow auth_time to be undefined on token refresh (authts#982)
* Allow auth_time to be undefined on token refresh
1 parent fab3b3e commit 7c8dc99

1 file changed

Lines changed: 10 additions & 10 deletions


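--- a/src/ResponseValidator.ts
+++ b/src/ResponseValidator.ts
@@ -186,32 +186,32 @@ export class ResponseValidator {
 }
 }
 
-protected _validateIdTokenAttributes(response: SigninResponse, currentToken?: string): void {
+protected _validateIdTokenAttributes(response: SigninResponse, existingToken?: string): void {
 const logger = this._logger.create("_validateIdTokenAttributes");
 
 logger.debug("decoding ID Token JWT");
-const profile = JwtUtils.decode(response.id_token ?? "");
+const incoming = JwtUtils.decode(response.id_token ?? "");
 
-if (!profile.sub) {
+if (!incoming.sub) {
 logger.throw(new Error("ID Token is missing a subject claim"));
 }
 
-if (currentToken) {
-const current = JwtUtils.decode(currentToken);
-if (current.sub !== profile.sub) {
+if (existingToken) {
+const existing = JwtUtils.decode(existingToken);
+if (incoming.sub !== existing.sub) {
 logger.throw(new Error("sub in id_token does not match current sub"));
 }
-if (current.auth_time && current.auth_time !== profile.auth_time) {
+if (incoming.auth_time && incoming.auth_time !== existing.auth_time) {
 logger.throw(new Error("auth_time in id_token does not match original auth_time"));
 }
-if (current.azp && current.azp !== profile.azp) {
+if (incoming.azp && incoming.azp !== existing.azp) {
 logger.throw(new Error("azp in id_token does not match original azp"));
 }
-if (!current.azp && profile.azp) {
+if (!incoming.azp && existing.azp) {
 logger.throw(new Error("azp not in id_token, but present in original id_token"));
 }
 }
 
-response.profile = profile as UserProfile;
+response.profile = incoming as UserProfile;
 }
 }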
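Review bot: The rewritten `auth_time` check at new line 204 is keyed on the incoming token only, which changes two cases and documents neither. A refreshed ID token that omits `auth_time` now passes without any log line, and `response.profile = incoming as UserProfile` at line 215 then carries no `auth_time`, so a caller that enforces max_age or step-up re-authentication from the profile would need the original value preserved somewhere outside this hunk. Conversely, a refresh whose incoming token has `auth_time` while the existing one has none is now rejected where the old condition accepted it; that is fail-closed, but it is a behaviour change that deserves a test. I would add a comment above the check such as `// auth_time is optional on refresh: only a present-and-different value is rejected, an absent one cannot be compared` and a `logger.debug` call on the skipped path so the relaxed case is visible when diagnosing a session.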
