openidconnect provider does not return the accestokens' expiry time


Currently Amdatu security has it's own expire time in the JWT. However, the accesstoken to the third party can also have an access time, and the idprovider's getUserIdentity() (which can return the accesstoken and refreshtoken), does not supply the expiry time.
It would be nice if this could be returned as well, since then it is known whether a new accesstoken needs to be requested for e.g. offline access.

When debugging, I noticed the following (see also the code below):

  1. first the accesstoken is retrieved. This contains the expiry time and refresh token

  2. The idToken is verified, and it's attributes are saved

  3. All userinfo is added to those attributes

  4. From these attributes only the wanted claims are kept (and are now called tokenAttrs)

  5. the tokenAttributes get the providertype, accesstoken, and refreshtoken and are returned.

The idToken does not contain the expiry time, nor does the userinfo; hence the expiry time is not added to the response.


March 28, 2018, 7:04 AM

See the attached screenshot for an example response for the refresh token call to the Office365 OpenId provider:

Currently, only the new access token is stored, but the other information should be stored/returned as well.

December 4, 2017, 2:46 PM

Additionally, the refreshToken() call could/should return the expiration time as well.





Koos Gadellaa