lib/googleauth/signet.rb in googleauth-1.11.0 vs lib/googleauth/signet.rb in googleauth-1.11.1

@@ -10,10 +10,12 @@
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+require "base64"
+require "json"
 require "signet/oauth_2/client"
 require "googleauth/base_client"
 
 module Signet
   # OAuth2 supports OAuth2 authentication.
@@ -27,10 +29,12 @@
 
       alias update_token_signet_base update_token!
 
       def update_token! options = {}
         options = deep_hash_normalize options
+        id_token_expires_at = expires_at_from_id_token options[:id_token]
+        options[:expires_at] = id_token_expires_at if id_token_expires_at
         update_token_signet_base options
         self.universe_domain = options[:universe_domain] if options.key? :universe_domain
         self
       end
 
@@ -86,9 +90,22 @@
           else
             msg = "Unexpected error: #{e.inspect}"
             raise Signet::AuthorizationError, msg
           end
         end
+      end
+
+      private
+
+      def expires_at_from_id_token id_token
+        match = /^[\w=-]+\.([\w=-]+)\.[\w=-]+$/.match id_token.to_s
+        return unless match
+        json = JSON.parse Base64.urlsafe_decode64 match[1]
+        return unless json.key? "exp"
+        Time.at json["exp"].to_i
+      rescue StandardError
+        # Shouldn't happen unless we get a garbled ID token
+        nil
       end
     end
   end
 end