From 33c7053b4f702aaa131556c885e6664b702c3274 Mon Sep 17 00:00:00 2001 From: 0x0fbc <10455804+0x0fbc@users.noreply.github.com> Date: Fri, 7 Jun 2024 14:56:47 -0400 Subject: [PATCH] directly use JWT_VALIDITY_SECS constant instead of copying it to DuoClient instances --- src/api/core/two_factor/duo_oidc.rs | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/src/api/core/two_factor/duo_oidc.rs b/src/api/core/two_factor/duo_oidc.rs index bc56e3d4..f504e055 100644 --- a/src/api/core/two_factor/duo_oidc.rs +++ b/src/api/core/two_factor/duo_oidc.rs @@ -51,7 +51,7 @@ macro_rules! TOKEN_ENDPOINT { }; } -// Default JWT validity time +// Number of seconds that a JWT we generate for Duo should be valid for const JWT_VALIDITY_SECS: i64 = 300; // Stored Duo context validity duration @@ -125,7 +125,6 @@ struct DuoClient { client_secret: String, // Duo Client Secret (DuoData.sk) api_host: String, // Duo API hostname (DuoData.host) redirect_uri: String, // URL in this application clients should call for MFA verification - jwt_exp_seconds: i64, // Number of seconds that JWTs we create should be valid for } impl DuoClient { @@ -137,8 +136,7 @@ impl DuoClient { client_secret, api_host, redirect_uri, - jwt_exp_seconds: JWT_VALIDITY_SECS, - }; + } } // Generate a client assertion for health checks and authorization code exchange. @@ -150,7 +148,7 @@ impl DuoClient { iss: self.client_id.clone(), sub: self.client_id.clone(), aud: url.clone(), - exp: now + self.jwt_exp_seconds, + exp: now + JWT_VALIDITY_SECS, jti: jwt_id, iat: now, } @@ -227,7 +225,7 @@ impl DuoClient { let jwt_payload = AuthorizationRequest { response_type: String::from("code"), scope: String::from("openid"), - exp: now + self.jwt_exp_seconds, + exp: now + JWT_VALIDITY_SECS, client_id: self.client_id.clone(), redirect_uri: self.redirect_uri.clone(), state,