Add token within expiry grace period check

pardot · Sep 16, 2024 · 58150f4 · 58150f4
1 parent c982e42
commit 58150f4
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/client.go b/client.go
@@ -15,7 +15,8 @@ import (
 
 const (
 	// ScopeOfflineAccess requests a refresh token
-	ScopeOfflineAccess = "offline_access"
+	ScopeOfflineAccess         = "offline_access"
+	TokenExpirationGracePeriod = time.Duration(30 * time.Second)
 )
 
 type KeySource interface {
@@ -159,6 +160,11 @@ func (t *Token) Valid() bool {
 		t.IDToken != ""
 }
 
+func (t *Token) WithinGracePeriod() bool {
+	gracePeriod := t.Claims.Expiry.Time().Add(-TokenExpirationGracePeriod)
+	return gracePeriod.After(time.Now()) && t.Valid()
+}
+
 // Type of the token
 func (t *Token) Type() string {
 	// only thing we support for now

diff --git a/tokencache/cache_token_source.go b/tokencache/cache_token_source.go
@@ -87,7 +87,7 @@ func (c *cachingTokenSource) Token(ctx context.Context) (*oidc.Token, error) {
 	}
 
 	var newToken *oidc.Token
-	if token != nil && token.Valid() {
+	if token != nil && token.Valid() && !token.WithinGracePeriod() {
 		return token, nil
 	} else if token != nil && token.RefreshToken != "" {
 		// we have an expired token, try and refresh if we can.