hydra: AccessToken expired for no reason

Ok, this is complex.

In short, when I use a token it tells me that it’s already expired, even if I got it only moments after.

I get the token with:

    var redirectUri = encodeURIComponent("http://localhost:3000");
    location.href = "http://localhost:4444/oauth2/auth?client_id=test&response_type=token&nonce=12345679&state=statestate&scope=core&redirect_uri="+redirectUri

with the implicit flow, so I receive it in the hash.

Then I make a call to warden to check if the token is valid:

    private := ladon.Request{
        Resource: "arduino:user:" + id,
        Action:   "read.private",
    }
    allowed, err := hydra.Warden.TokenAllowed(context.Background(), token, &private, "core")

where the token is for example bearer eBBQtJe0piBksKCH_aZjgCrWRv5o_OnE-ZfK7JPgLJk.xboOPgdccrRb9LhJFxEH7vk5IX9C77YOQoEym_1_79o

I delved a bit into the code and discovered that here: https://github.com/ory-am/fosite/blob/master/handler/oauth2/strategy_hmacsha.go#L33

    r.GetRequestedAt() ====>  2016-08-12 15:10:52.485 +0000 +00:00

(which is odd since today is 2016-08-16)

and here: https://github.com/ory-am/fosite/blob/master/handler/oauth2/strategy_hmacsha_session.go#L21

    s.AccessTokenExpiry ====>  0001-01-01 00:00:00 +0000 UTC

I’m not sure what’s going on, if there’s a bug or if I’m doing something wrong.

About this issue

  • State: closed
  • Created 8 years ago
  • Reactions: 1
  • Comments: 19 (19 by maintainers)

Most upvoted comments

@matteosuppo Yes! It’s due to coldStart in the fosite storage layer; recent tokens get overridden with old ones. See #207
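
The two values printed in the issue, run through a small model of an expiry check. This is an added example, not part of the thread and not fosite's or Hydra's code. The `tokenRecord` type, the rule that a zero expiry falls back to requested-at plus lifespan, the one-hour lifespan and the sample timestamps are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// tokenRecord is a hypothetical stand-in for what a token store returns;
// its fields mirror the two values printed in the issue.
type tokenRecord struct {
	RequestedAt       time.Time
	AccessTokenExpiry time.Time // zero value prints as 0001-01-01 00:00:00 +0000 UTC
}

const (
	verdictValid   = "valid"
	verdictStale   = "expired: no explicit expiry, stored requested-at is older than the lifespan"
	verdictExpired = "expired: explicit expiry has passed"
)

// effectiveExpiry assumes an unset expiry means "requested-at plus lifespan".
func effectiveExpiry(r tokenRecord, lifespan time.Duration) time.Time {
	if r.AccessTokenExpiry.IsZero() {
		return r.RequestedAt.Add(lifespan)
	}
	return r.AccessTokenExpiry
}

// diagnose reports why a stored record is accepted or rejected at time now.
func diagnose(r tokenRecord, lifespan time.Duration, now time.Time) string {
	switch {
	case !effectiveExpiry(r, lifespan).Before(now):
		return verdictValid
	case r.AccessTokenExpiry.IsZero():
		return verdictStale // a fresh token can land here if an old record replaced it
	default:
		return verdictExpired
	}
}

func main() {
	lifespan := time.Hour                                // assumed lifespan
	now := time.Date(2016, 8, 16, 12, 0, 0, 0, time.UTC) // constructed "today"
	old := time.Date(2016, 8, 12, 15, 10, 52, 485000000, time.UTC)
	fmt.Println(diagnose(tokenRecord{RequestedAt: old}, lifespan, now))
	fmt.Println(diagnose(tokenRecord{RequestedAt: now.Add(-30 * time.Second)}, lifespan, now))
}
```

Logging the stored requested-at next to the rejection reason makes a stale record distinguishable from a token that has really expired.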