oauthenticator [Generic] Pass along `expires

I am wondering, would you consider passing along the expires_in value returned from the OAuth2 token response in the GenericOAuthenticator class' authenticate method?

It is a "recommended" OAuth2 token response field (https://tools.ietf.org/html/rfc6749#section-5.1) and I'd find it useful for determining when a token would need to be refreshed.

I think it'd simply be a matter of pulling it out of the token response here: https://github.com/jupyterhub/oauthenticator/blob/766b2afffee49493da83908cbc549054d52b15c7/oauthenticator/generic.py#L120-L123 e.g. by adding

expires_in = resp_json.get('expires_in', None)

...and sticking it in the final auth_state like the other token response fields.

Oct 20 '18 00:10 brasie

I think this makes a lot of sense to do whenever we can, happy to review a PR about this.

Oct 25 '20 23:10 consideRatio

Hey!

I can help and work on this one as this will be useful for us...

I think a simple change to @brasie 's proposal is needed. The expires_in within the response is used to store 'The lifetime in seconds of the access token', so it's only useful if we have the issued time, so I would include an expiry_time (timestamp) field instead, which is the current time plus the expires_in amount of seconds:

        ...
        now = time.time()
        expiry_time = now + float(resp_json.get('expires_in', 0))
        ...

This way we can include a simple utility function to check if the access_token needs refreshing:

    @staticmethod
    def is_auth_token_expired(auth_state: dict):
        return time.time() < float(auth_state.get('expiry_time', 0))

Note: there will be always a short (milliseconds maybe) gap between the real expiry and the field introduced.

Sep 13 '21 15:09 mcmartins

oauthenticator
oauthenticator copied to clipboard

[Generic] Pass along `expires_in`

oauthenticator oauthenticator copied to clipboard

[Generic] Pass along `expires_in`

oauthenticator
oauthenticator copied to clipboard