Fix token validation logic for long-term tokens

hms-dbmi · Sep 16, 2024 · e8b4d7b · e8b4d7b
1 parent 706f057
commit e8b4d7b
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/...-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/TokenService.java b/...-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/TokenService.java
@@ -183,7 +183,10 @@ private TokenInspection validateToken(Map<String, Object> inputMap) throws Illeg
                 errorMsg = "User doesn't have enough privileges.";
         }
 
-        if (isAuthorizationPassed) {
+        if (isLongTermToken) {
+            // The long term token is not automatically refreshed, so we don't need to check the expiration time
+            tokenInspection.addField("active", true);
+        } else if (isAuthorizationPassed) {
             tokenInspection.addField("active", true);
             ArrayList<String> roles = new ArrayList<>();
             for (Privilege p : user.getTotalPrivilege()) {