Unverified Commit 205e32f8 authored by Martin Cech's avatar Martin Cech Committed by GitHub

Merge pull request #20040 from kysrpex/psa_reject_expired_tokens

[23.1] Renew access tokens from PSA using valid refresh tokens
parents 01cbccdd 2a9ed6d6
+5 −1
@@ -179,7 +179,11 @@ class PSAAuthnz(IdentityProvider):
        else:
            log.debug("No `expires` or `expires_in` key found in token extra data, cannot refresh")
            return False
        if int(user_authnz_token.extra_data["auth_time"]) + int(expires) / 2 <= int(time.time()):
        if (
            int(user_authnz_token.extra_data["auth_time"]) + int(expires) / 2
            <= int(time.time())
            < int(user_authnz_token.extra_data["auth_time"]) + int(expires)
        ):
            on_the_fly_config(trans.sa_session)
            if self.config["provider"] == "azure":
                self.refresh_azure(user_authnz_token)
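Review bot: In the rewritten `if`, `user_authnz_token.extra_data["auth_time"]` is indexed twice with no guard, while a missing `expires`/`expires_in` just above is logged and answered with `return False`; unless `auth_time` is validated earlier in the method (which begins and ends outside this hunk), token data lacking that key would raise `KeyError` here instead of declining the refresh. Reading it once, e.g. `auth_time = user_authnz_token.extra_data.get("auth_time")` with the same log-and-`return False` when it is `None`, would also shorten the test to `int(auth_time) + int(expires) / 2 <= now < int(auth_time) + int(expires)` with `now = int(time.time())`. The new upper bound also means a token past `auth_time + expires` skips the refresh without any log line, so a `log.debug` on that path would make rejected expired tokens visible when tracing session problems. What the method returns in that case is not visible in this hunk.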