auth/backends: Fix cache TTL computation for OIDC profile

The cache TTL for storing an OIDC profile must be computed from the access token renewal date (iat field in decoded token) and not from the OIDC session opening date (auth_time field in decoded token).

The previous implementation computed a negative TTL (clamped to 0) once the first issued refresh token had expired, and thus the authentication process then failed.


Migrated from D5269 (view on Phabricator)
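
The failure described above, reproduced as an added example (not the project's code): the TTL is computed for each token of one OIDC session, once from `auth_time` and once from `iat`. The function names and the `lifetime` parameter are assumptions, since the page does not show which lifetime value is added to the timestamp, and the token dictionaries are constructed sample data.

```python
def profile_cache_ttl(decoded_token, lifetime, now, anchor="iat"):
    """Return the cache TTL in seconds for an OIDC profile, clamped to 0.

    decoded_token: dict holding the `iat` and `auth_time` claims (epoch seconds).
    lifetime: validity period in seconds counted from the anchor (assumed input).
    anchor: "iat" is the corrected computation; "auth_time" reproduces the
            computation the description reports as broken.
    """
    expires_at = decoded_token[anchor] + lifetime
    return max(0, int(expires_at - now))


def simulate_session(login_time, lifetime, renewals, margin=10):
    """Renew the token `renewals` times, each `margin` seconds before expiry.

    Returns one (ttl_from_auth_time, ttl_from_iat) pair per issued token,
    computed at the moment the token is issued.
    """
    ttls = []
    issued_at = login_time
    for _ in range(renewals + 1):
        # Constructed token: auth_time stays at login, iat moves on renewal.
        token = {"auth_time": login_time, "iat": issued_at}
        now = issued_at
        ttls.append((
            profile_cache_ttl(token, lifetime, now, anchor="auth_time"),
            profile_cache_ttl(token, lifetime, now, anchor="iat"),
        ))
        issued_at += lifetime - margin
    return ttls


if __name__ == "__main__":
    # Constructed session: login at t=1000, 1800 s lifetime, two renewals.
    for n, (old, new) in enumerate(simulate_session(1000, 1800, 2)):
        print(f"token {n}: ttl from auth_time={old:4d}s  ttl from iat={new:4d}s")
```

With `auth_time` as the anchor the TTL shrinks on every renewal and reaches 0 once the session is older than one lifetime, so the profile is never cached again; with `iat` each renewed token gets a full lifetime.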