lib/rodauth/features/oauth_jwt.rb in rodauth-oauth-0.2.0 vs lib/rodauth/features/oauth_jwt.rb in rodauth-oauth-0.3.0

- old
+ new

@@ -4,10 +4,12 @@ module Rodauth Feature.define(:oauth_jwt) do depends :oauth + JWKS = OAuth::TtlStore.new + auth_value_method :oauth_jwt_subject_type, "public" # public, pairwise auth_value_method :oauth_jwt_subject_secret, nil # salt for pairwise generation auth_value_method :oauth_jwt_token_issuer, nil @@ -37,12 +39,18 @@ :jwt_decode, :jwks_set, :last_account_login_at ) - JWKS = OAuth::TtlStore.new + route(:jwks) do |r| + next unless is_authorization_server? + r.get do + json_response_success({ keys: jwks_set }, true) + end + end + def require_oauth_authorization(*scopes) authorization_required unless authorization_token scopes << oauth_application_default_scope if scopes.empty? @@ -166,11 +174,11 @@ generate_oauth_token(create_params, false) end def generate_oauth_token(params = {}, should_generate_refresh_token = true) create_params = { - oauth_grants_expires_in_column => Time.now + oauth_token_expires_in + oauth_grants_expires_in_column => Sequel.date_add(Sequel::CURRENT_TIMESTAMP, seconds: oauth_token_expires_in) }.merge(params) oauth_token = rescue_from_uniqueness_error do if should_generate_refresh_token refresh_token = oauth_unique_id_generator @@ -196,11 +204,11 @@ oauth_token[oauth_tokens_token_column] = token oauth_token end def jwt_claims(oauth_token) - issued_at = Time.now.utc.to_i + issued_at = Time.now.to_i claims = { iss: (oauth_jwt_token_issuer || authorization_server_url), # issuer iat: issued_at, # issued at # @@ -217,11 +225,11 @@ exp: issued_at + oauth_token_expires_in, aud: (oauth_jwt_audience || oauth_application[oauth_applications_client_id_column]) } - claims[:auth_time] = last_account_login_at.utc.to_i if last_account_login_at + claims[:auth_time] = last_account_login_at.to_i if last_account_login_at claims end def jwt_subject(oauth_token) 
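Review bot: The moved `route(:jwks)` block returns `jwks_set` on an unauthenticated GET once `is_authorization_server?` holds, so the only thing keeping private signing material off the wire is the content of `jwks_set`, which is not visible in this diff; a comment on the `r.get do` line, `# Public endpoint: jwks_set must contain public JWK members only, never private key parameters`, would pin that contract where it matters. The new second argument in `json_response_success({ keys: jwks_set }, true)` is an unnamed positional boolean, so the call site does not say what it switches on; a keyword argument or a trailing comment naming the flag would help. What `true` actually changes cannot be inferred from the hunk.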
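Review bot: The persisted expiry on the new `oauth_grants_expires_in_column => Sequel.date_add(Sequel::CURRENT_TIMESTAMP, seconds: oauth_token_expires_in)` line is now taken from the database clock, while `jwt_claims` in the later hunks still derives `exp` from the application clock (`issued_at = Time.now.to_i` and `exp: issued_at + oauth_token_expires_in`). When the two clocks drift, the stored record and the JWT `exp` claim disagree, so a token can pass one expiry check and fail the other. Either derive both from one source or mark the coupling on this line, e.g. `# Expiry uses the DB clock; jwt_claims computes exp from the app clock — keep the two in step`. generate_oauth_token's body continues outside the hunk.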
@@ -235,11 +243,11 @@ else raise StandardError, "unexpected subject (#{oauth_jwt_subject_type})" end end - def oauth_token_by_token(token, *) + def oauth_token_by_token(token) jwt_decode(token) end def json_token_introspect_payload(oauth_token) return { active: false } unless oauth_token @@ -298,13 +306,13 @@ authorization_required unless response.code.to_i == 200 # time-to-live ttl = if response.key?("cache-control") cache_control = response["cache-control"] - cache_control[/max-age=(\d+)/, 1] + cache_control[/max-age=(\d+)/, 1].to_i elsif response.key?("expires") - DateTime.httpdate(response["expires"]).utc.to_i - Time.now.utc.to_i + Time.parse(response["expires"]).to_i - Time.now.to_i end [JSON.parse(response.body, symbolize_names: true), ttl] end end @@ -451,16 +459,8 @@ token_hint = param_or_nil("token_type_hint") throw(:rodauth_error) if !token_hint || token_hint == "access_token" super - end - - route(:jwks) do |r| - next unless is_authorization_server? - - r.get do - json_response_success({ keys: jwks_set }) - end end end end
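Review bot: Dropping the splat in `def oauth_token_by_token(token)` narrows an override's signature: any caller in the base oauth feature that still passes the extra argument the old `*` absorbed will now raise ArgumentError instead of reaching `jwt_decode(token)`. The base feature's definition is not in this diff, so whether such a caller exists is inferred, not shown. If the extra argument is gone there too, a one-line note `# signature must match the oauth feature's oauth_token_by_token` would make the coupling explicit.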
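Review bot: On the new `cache_control[/max-age=(\d+)/, 1].to_i` line, a Cache-Control header without a max-age directive makes the index return nil, and `nil.to_i` silently yields a ttl of 0 where the old code produced nil, so a missing directive and `max-age=0` become indistinguishable to whatever consumes the ttl; `cache_control[/max-age=(\d+)/, 1]&.to_i` keeps the distinction. On the `Time.parse(response["expires"])` line, `Time.parse` is a lenient parser and raises ArgumentError on an unparseable value, which nothing in the hunk rescues; `Time.httpdate(response["expires"]).to_i - Time.now.to_i` is the strict HTTP-date equivalent of the `DateTime.httpdate` the old line used, and rescuing ArgumentError to leave ttl nil would stop a malformed header from a remote server becoming an unhandled error. Both `Time.parse` and `Time.httpdate` need `require "time"`, which is not visible in this diff. An Expires value in the past yields a negative ttl, and how the store treats 0 or negative values is not visible here, so that path deserves a check. The enclosing method starts outside the hunk.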