#56 Declined

JWT token expiration leeway + minor error logging adjustments

  1. Roberto Dominguez


Just created this PR, FYI, in case you want to incorporate the changes I've made in our fork:

  • The ability to set a leeway for the JWT token expiration. It can be set on a per authentication middleware instance basis, i.e. you can set it only on a given path.
  • Minor adjustments on the logging on error (i.e. the issuer/clientId, when known, is not set as part of the error message, but as separate parameter)
Comments (1)

  1. Seb Ruiz

    Roberto Dominguez, Thanks for the PR. In general, looks good. A few points:

    • Please follow code style - spaces etc... (will help get your PR into the project)
    • leeway is an undescriptive variable name. Probably worth renaming to jwtExpiryLeewayMs (or similar)
    • Should be documented somewhere?
    • Should be tested

    As for accepting the PR - I'll need to speak about it with the team and we'll review to see if we believe it is good practice to bake in security workarounds/relaxations into an official client for AC.

    If we choose not to, I would suggest that we re-architect this change to allow overriding the retrieval of the JWT token or token expiry which would allow you to have custom handlers without worrying about a fork of the lib.