This is an automated email from the ASF dual-hosted git repository.

exceptionfactory pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/main by this push:
     new a954d2cb31 NIFI-15070 Fixed OAuth2AccessTokenProvider for Access 
Tokens without expiration (#10401)
a954d2cb31 is described below

commit a954d2cb317629086674f9a3ac0d7dfff0cffcc5
Author: Peter Turcsanyi <[email protected]>
AuthorDate: Tue Dec 2 03:53:41 2025 +0100

    NIFI-15070 Fixed OAuth2AccessTokenProvider for Access Tokens without 
expiration (#10401)
    
    - Added Default Expiration Time to StandardOauth2AccessTokenProvider
    
    Signed-off-by: David Handermann <[email protected]>
---
 .../main/java/org/apache/nifi/oauth2/AccessToken.java  | 18 +++++++++++-------
 .../java/org/apache/nifi/oauth2/AccessTokenTest.java   |  9 ++++++++-
 .../oauth2/JWTBearerOAuth2AccessTokenProvider.java     |  2 +-
 .../nifi/oauth2/StandardOauth2AccessTokenProvider.java | 17 +++++++++++++++--
 4 files changed, 35 insertions(+), 11 deletions(-)

diff --git 
a/nifi-extension-bundles/nifi-standard-services/nifi-oauth2-provider-api/src/main/java/org/apache/nifi/oauth2/AccessToken.java
 
b/nifi-extension-bundles/nifi-standard-services/nifi-oauth2-provider-api/src/main/java/org/apache/nifi/oauth2/AccessToken.java
index 1c26596797..4e1fbb546d 100644
--- 
a/nifi-extension-bundles/nifi-standard-services/nifi-oauth2-provider-api/src/main/java/org/apache/nifi/oauth2/AccessToken.java
+++ 
b/nifi-extension-bundles/nifi-standard-services/nifi-oauth2-provider-api/src/main/java/org/apache/nifi/oauth2/AccessToken.java
@@ -25,7 +25,7 @@ public class AccessToken {
     private String accessToken;
     private String refreshToken;
     private String tokenType;
-    private long expiresIn;
+    private Long expiresIn;
     private String scope;
 
     private final Instant fetchTime;
@@ -33,10 +33,10 @@ public class AccessToken {
     private final Map<String, Object> additionalParameters = new HashMap<>();
 
     public AccessToken() {
-        this.fetchTime = Instant.now();
+        this.fetchTime = now();
     }
 
-    public AccessToken(String accessToken, String refreshToken, String 
tokenType, long expiresIn, String scope) {
+    public AccessToken(String accessToken, String refreshToken, String 
tokenType, Long expiresIn, String scope) {
         this();
         this.accessToken = accessToken;
         this.refreshToken = refreshToken;
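Review bot: The no-arg constructor now calls `now()`, which is a non-final, package-private method of a non-final class, so an override runs before the subclass's own fields are initialised. If the override exists so that tests can control the clock (presumably the reason for this change), it must not read subclass state, or `fetchTime` ends up null or wrong. I would either keep `Instant.now()` here or document the constraint on the method, e.g. `// called from the constructor: overrides must not depend on subclass fields`. The constructor body continues outside the hunk.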
@@ -69,11 +69,11 @@ public class AccessToken {
         this.tokenType = tokenType;
     }
 
-    public long getExpiresIn() {
+    public Long getExpiresIn() {
         return expiresIn;
     }
 
-    public void setExpiresIn(long expiresIn) {
+    public void setExpiresIn(Long expiresIn) {
         this.expiresIn = expiresIn;
     }
 
@@ -90,8 +90,12 @@ public class AccessToken {
     }
 
     public boolean isExpired() {
-        final Instant expirationTime = fetchTime.plusSeconds(expiresIn);
-        return now().isAfter(expirationTime);
+        if (expiresIn == null) {
+            return false;
+        } else {
+            final Instant expirationTime = fetchTime.plusSeconds(expiresIn);
+            return now().isAfter(expirationTime);
+        }
     }
 
     Instant now() {
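Review bot: `isExpired()` now reports a token without `expires_in` as never expired, while the Default Expiration Time added in this commit is applied only inside `StandardOauth2AccessTokenProvider.isRefreshRequired()`. Any other caller that relies on `isExpired()` will keep using such a token indefinitely, so the two answers can disagree for the same token. That contract should be stated in Javadoc on the method, e.g. `/** Returns false when no expiration was provided; callers that need a bounded lifetime must apply their own default. */`. The same applies to `getExpiresIn()` in the previous hunk, which can now return null and will throw a NullPointerException in any caller that still unboxes it to `long`.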
diff --git 
a/nifi-extension-bundles/nifi-standard-services/nifi-oauth2-provider-api/src/test/java/org/apache/nifi/oauth2/AccessTokenTest.java
 
b/nifi-extension-bundles/nifi-standard-services/nifi-oauth2-provider-api/src/test/java/org/apache/nifi/oauth2/AccessTokenTest.java
index 5312055f50..9be1e42ad2 100644
--- 
a/nifi-extension-bundles/nifi-standard-services/nifi-oauth2-provider-api/src/test/java/org/apache/nifi/oauth2/AccessTokenTest.java
+++ 
b/nifi-extension-bundles/nifi-standard-services/nifi-oauth2-provider-api/src/test/java/org/apache/nifi/oauth2/AccessTokenTest.java
@@ -50,7 +50,14 @@ public class AccessTokenTest {
         assertFalse(accessToken.isExpired());
     }
 
-    private AccessToken getAccessToken(final long expiresInSeconds) {
+    @Test
+    public void testIsExpiredNever() {
+        final AccessToken accessToken = getAccessToken(null);
+
+        assertFalse(accessToken.isExpired());
+    }
+
+    private AccessToken getAccessToken(final Long expiresInSeconds) {
         return new AccessToken(
                 null,
                 null,
diff --git 
a/nifi-extension-bundles/nifi-standard-services/nifi-oauth2-provider-bundle/nifi-oauth2-provider-service/src/main/java/org/apache/nifi/oauth2/JWTBearerOAuth2AccessTokenProvider.java
 
b/nifi-extension-bundles/nifi-standard-services/nifi-oauth2-provider-bundle/nifi-oauth2-provider-service/src/main/java/org/apache/nifi/oauth2/JWTBearerOAuth2AccessTokenProvider.java
index 28061cbbcc..d83a55e61d 100644
--- 
a/nifi-extension-bundles/nifi-standard-services/nifi-oauth2-provider-bundle/nifi-oauth2-provider-service/src/main/java/org/apache/nifi/oauth2/JWTBearerOAuth2AccessTokenProvider.java
+++ 
b/nifi-extension-bundles/nifi-standard-services/nifi-oauth2-provider-bundle/nifi-oauth2-provider-service/src/main/java/org/apache/nifi/oauth2/JWTBearerOAuth2AccessTokenProvider.java
@@ -429,7 +429,7 @@ public class JWTBearerOAuth2AccessTokenProvider extends 
AbstractControllerServic
     }
 
     private boolean isRefreshRequired() {
-        if (accessDetails.getExpiresIn() > 0) {
+        if (accessDetails.getExpiresIn() != null) {
             final Instant expirationRefreshTime = accessDetails.getFetchTime()
                     .plusSeconds(accessDetails.getExpiresIn())
                     .minus(refreshWindow);
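Review bot: The condition changed from `> 0` to `!= null`, so a non-null zero or negative `expiresIn` now enters this branch and yields a refresh time that is already in the past. If a token endpoint sends `expires_in` as 0, this provider would request a new token on every call where it previously skipped the branch. If that is not intended, keep both checks and read the value once: `final Long expiresIn = accessDetails.getExpiresIn();` followed by `if (expiresIn != null && expiresIn > 0) {`. Unlike the standard provider, no default lifetime is applied here when the value is null. What happens when the branch is skipped is outside the hunk.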
diff --git 
a/nifi-extension-bundles/nifi-standard-services/nifi-oauth2-provider-bundle/nifi-oauth2-provider-service/src/main/java/org/apache/nifi/oauth2/StandardOauth2AccessTokenProvider.java
 
b/nifi-extension-bundles/nifi-standard-services/nifi-oauth2-provider-bundle/nifi-oauth2-provider-service/src/main/java/org/apache/nifi/oauth2/StandardOauth2AccessTokenProvider.java
index 6b25b85eae..d76446d17e 100644
--- 
a/nifi-extension-bundles/nifi-standard-services/nifi-oauth2-provider-bundle/nifi-oauth2-provider-service/src/main/java/org/apache/nifi/oauth2/StandardOauth2AccessTokenProvider.java
+++ 
b/nifi-extension-bundles/nifi-standard-services/nifi-oauth2-provider-bundle/nifi-oauth2-provider-service/src/main/java/org/apache/nifi/oauth2/StandardOauth2AccessTokenProvider.java
@@ -196,6 +196,14 @@ public class StandardOauth2AccessTokenProvider extends 
AbstractControllerService
         .required(true)
         .build();
 
+    public static final PropertyDescriptor DEFAULT_EXPIRATION_TIME = new 
PropertyDescriptor.Builder()
+        .name("Default Expiration Time")
+        .description("Expiration time to use when the returned access token 
does not include an expiration time.")
+        .addValidator(StandardValidators.TIME_PERIOD_VALIDATOR)
+        .defaultValue("1 hour")
+        .required(true)
+        .build();
+
     public static final PropertyDescriptor SSL_CONTEXT_SERVICE = new 
PropertyDescriptor.Builder()
         .name("SSL Context Service")
         .addValidator(Validator.VALID)
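Review bot: The description of `DEFAULT_EXPIRATION_TIME` does not say how the value interacts with Refresh Window. `isRefreshRequired()` later in this file computes fetch time plus this value minus the refresh window, so a Default Expiration Time shorter than or equal to the Refresh Window makes every call request a new token. I would extend the description with something like `"Counted from the time the token was fetched; should be longer than the Refresh Window."`. It is also worth noting that the "1 hour" default is a guess about the authorization server, so a token that is actually revoked or shorter-lived will still be presented until that hour elapses.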
@@ -231,6 +239,7 @@ public class StandardOauth2AccessTokenProvider extends 
AbstractControllerService
         RESOURCE,
         AUDIENCE,
         REFRESH_WINDOW,
+        DEFAULT_EXPIRATION_TIME,
         SSL_CONTEXT_SERVICE,
         HTTP_PROTOCOL_STRATEGY,
         ProxyConfiguration.createProxyConfigPropertyDescriptor(PROXY_SPECS)
@@ -257,6 +266,7 @@ public class StandardOauth2AccessTokenProvider extends 
AbstractControllerService
     private volatile String resource;
     private volatile String audience;
     private volatile long refreshWindowSeconds;
+    private volatile long defaultExpirationTimeSeconds;
     private volatile Map<String, String> customFormParameters = new 
HashMap<>();
 
     private volatile AccessToken accessDetails;
@@ -428,12 +438,13 @@ public class StandardOauth2AccessTokenProvider extends 
AbstractControllerService
 
             AccessToken accessDetailsWithRefreshTokenOnly = new AccessToken();
             accessDetailsWithRefreshTokenOnly.setRefreshToken(refreshToken);
-            accessDetailsWithRefreshTokenOnly.setExpiresIn(-1);
+            accessDetailsWithRefreshTokenOnly.setExpiresIn(-1L);
 
             this.accessDetails = accessDetailsWithRefreshTokenOnly;
         }
 
         refreshWindowSeconds = 
context.getProperty(REFRESH_WINDOW).asTimePeriod(TimeUnit.SECONDS);
+        defaultExpirationTimeSeconds = 
context.getProperty(DEFAULT_EXPIRATION_TIME).asTimePeriod(TimeUnit.SECONDS);
 
         Map<String, String> formParameters = new HashMap<>();
         for (PropertyDescriptor descriptor : context.getProperties().keySet()) 
{
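Review bot: `setExpiresIn(-1L)` is now a sentinel distinct from null, and the difference is not documented at the call site. A negative value puts the computed refresh time in the past, so `isRefreshRequired()` returns true, whereas null would now fall back to Default Expiration Time and defer the refresh. A short comment would keep someone from "simplifying" this to null, e.g. `// negative expiry marks the placeholder as already expired so the refresh token is used first`. The enclosing method starts and ends outside the hunk.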
@@ -456,8 +467,10 @@ public class StandardOauth2AccessTokenProvider extends 
AbstractControllerService
     }
 
     private boolean isRefreshRequired() {
+        final long expirationTime = accessDetails.getExpiresIn() != null ? 
accessDetails.getExpiresIn() : defaultExpirationTimeSeconds;
+
         final Instant expirationRefreshTime = accessDetails.getFetchTime()
-                .plusSeconds(accessDetails.getExpiresIn())
+                .plusSeconds(expirationTime)
                 .minusSeconds(refreshWindowSeconds);
 
         return Instant.now().isAfter(expirationRefreshTime);
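Review bot: `accessDetails` is a volatile field, and this method now reads it three times (twice for `getExpiresIn()`, once for `getFetchTime()`), so a concurrent reassignment can mix the expiry of one token with the fetch time of another. `AccessToken` is also mutable, so the null check and the unboxing in the ternary can observe different values. I would snapshot both first with `final AccessToken token = accessDetails;` and `final Long expiresIn = token.getExpiresIn();`, then use `final long expirationTime = expiresIn != null ? expiresIn : defaultExpirationTimeSeconds;`. The closing brace of the method is outside the hunk.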
