Skip to content

Commit 4bf12ff

Browse files
MariusStorhaugMariusStorhaug
authored
🪲 [Fix]: Fix an issue with all App/JWT tokens being marked as expired (#497)
## Description This pull request updates the handling of JWT token issue and expiry times, ensuring consistent use of local time and simplifying the calculation of token expiry intervals. The changes improve time zone handling and streamline the logic for determining token validity. **Improvements to JWT Time Handling:** * Changed the calculation of `IssuedAt` and `ExpiresAt` in `New-GitHubUnsignedJWT.ps1` to use `LocalDateTime` instead of `DateTime`, ensuring the times are always in local time. * In `Update-GitHubAppJWT.ps1`, added logic to convert `ExpiresAt` from UTC to local time if needed before updating the context, further standardizing time zone usage. **Simplification of Token Expiry Calculation:** * Simplified the `TokenExpiresIn` and `RefreshTokenExpiresIn` script properties in `GitHubContext.Types.ps1xml` by removing redundant checks for negative intervals and directly returning the time difference. ## Type of change <!-- Use the check-boxes [x] on the options that are relevant. --> - [ ] 📖 [Docs] - [x] 🪲 [Fix] - [ ] 🩹 [Patch] - [ ] ⚠️ [Security fix] - [ ] 🚀 [Feature] - [ ] 🌟 [Breaking change] ## Checklist <!-- Use the check-boxes [x] on the options that are relevant. --> - [x] I have performed a self-review of my own code - [x] I have commented my code, particularly in hard-to-understand areas
1 parent 82939b5 commit 4bf12ff

File tree

3 files changed

+14
-27
lines changed

3 files changed

+14
-27
lines changed

src/functions/private/Apps/GitHub Apps/New-GitHubUnsignedJWT.ps1

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -44,9 +44,9 @@
4444
typ = 'JWT'
4545
}
4646
)
47-
$now = [System.DateTimeOffset]::UtcNow
48-
$iat = $now.AddMinutes(-10)
49-
$exp = $now.AddMinutes(10)
47+
$nowUtc = [System.DateTimeOffset]::UtcNow
48+
$iat = $nowUtc.AddMinutes(-10)
49+
$exp = $nowUtc.AddMinutes(10)
5050
$payload = [GitHubJWTComponent]::ToBase64UrlString(
5151
@{
5252
iat = $iat.ToUnixTimeSeconds()
@@ -56,8 +56,8 @@
5656
)
5757
[pscustomobject]@{
5858
Base = "$header.$payload"
59-
IssuedAt = $iat.DateTime
60-
ExpiresAt = $exp.DateTime
59+
IssuedAt = $iat.LocalDateTime
60+
ExpiresAt = $exp.LocalDateTime
6161
Issuer = $ClientID
6262
}
6363
}

src/functions/private/Apps/GitHub Apps/Update-GitHubAppJWT.ps1

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -92,7 +92,11 @@
9292
throw 'No Private Key or KeyVault Key Reference provided in the context.'
9393
}
9494

95-
$Context.TokenExpiresAt = $unsignedJWT.ExpiresAt
95+
$expiresAt = $unsignedJWT.ExpiresAt
96+
if ($expiresAt.Kind -eq [DateTimeKind]::Utc) {
97+
$expiresAt = $expiresAt.ToLocalTime()
98+
}
99+
$Context.TokenExpiresAt = $expiresAt
96100

97101
if ($Context.ID) {
98102
if ($PSCmdlet.ShouldProcess('JWT token', 'Update/refresh')) {
@@ -122,7 +126,6 @@
122126
}
123127
}
124128
} else {
125-
# JWT is still valid, no refresh needed
126129
Write-Debug 'JWT is still valid, no refresh needed'
127130
}
128131

src/types/GitHubContext.Types.ps1xml

Lines changed: 4 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -7,22 +7,14 @@
77
<Name>TokenExpiresIn</Name>
88
<GetScriptBlock>
99
if ($null -eq $this.TokenExpiresAt) { return [TimeSpan]::Zero }
10-
$timeRemaining = $this.TokenExpiresAt - [DateTime]::Now
11-
if ($timeRemaining.TotalSeconds -lt 0) {
12-
return [TimeSpan]::Zero
13-
}
14-
return $timeRemaining
10+
$this.TokenExpiresAt - [DateTime]::Now
1511
</GetScriptBlock>
1612
</ScriptProperty>
1713
<ScriptProperty>
1814
<Name>RefreshTokenExpiresIn</Name>
1915
<GetScriptBlock>
2016
if ($null -eq $this.RefreshTokenExpiresAt) { return [TimeSpan]::Zero }
21-
$timeRemaining = $this.RefreshTokenExpiresAt - [DateTime]::Now
22-
if ($timeRemaining.TotalSeconds -lt 0) {
23-
return [TimeSpan]::Zero
24-
}
25-
return $timeRemaining
17+
$this.RefreshTokenExpiresAt - [DateTime]::Now
2618
</GetScriptBlock>
2719
</ScriptProperty>
2820
</Members>
@@ -34,11 +26,7 @@
3426
<Name>TokenExpiresIn</Name>
3527
<GetScriptBlock>
3628
if ($null -eq $this.TokenExpiresAt) { return [TimeSpan]::Zero }
37-
$timeRemaining = $this.TokenExpiresAt - [DateTime]::Now
38-
if ($timeRemaining.TotalSeconds -lt 0) {
39-
return [TimeSpan]::Zero
40-
}
41-
return $timeRemaining
29+
$this.TokenExpiresAt - [DateTime]::Now
4230
</GetScriptBlock>
4331
</ScriptProperty>
4432
</Members>
@@ -50,11 +38,7 @@
5038
<Name>TokenExpiresIn</Name>
5139
<GetScriptBlock>
5240
if ($null -eq $this.TokenExpiresAt) { return }
53-
$timeRemaining = $this.TokenExpiresAt - [DateTime]::Now
54-
if ($timeRemaining.TotalSeconds -lt 0) {
55-
return [TimeSpan]::Zero
56-
}
57-
return $timeRemaining
41+
$this.TokenExpiresAt - [DateTime]::Now
5842
</GetScriptBlock>
5943
</ScriptProperty>
6044
</Members>

0 commit comments

Comments
 (0)