fix: improve secret generation for apple idp (#7843)

* fix: improve secret generation for apple idp * remove accidental commit * change exp time * change exp time * change exp time * change exp time (cherry picked from commit 6ab06aa249)
2024-12-14 03:54:21 +00:00 · 2024-04-26 17:46:15 +02:00 · 2024-04-26 17:46:15 +02:00 · fa30a51cad
commit fa30a51cad
parent f9da250239
2 changed files with 5 additions and 1 deletions
--- a/internal/api/ui/login/external_provider_handler.go
+++ b/internal/api/ui/login/external_provider_handler.go
@ -336,6 +336,10 @@ func (l *Login) handleExternalLoginCallback(w http.ResponseWriter, r *http.Reque

 	user, err := session.FetchUser(r.Context())
 	if err != nil {
+		logging.WithFields(
+			"instance", authz.GetInstance(r.Context()).InstanceID(),
+			"providerID", identityProvider.ID,
+		).WithError(err).Info("external authentication failed")
 		l.externalAuthFailed(w, r, authReq, tokens(session), user, err)
 		return
 	}
--- a/internal/idp/providers/apple/apple.go
+++ b/internal/idp/providers/apple/apple.go
@ -56,7 +56,7 @@ func clientSecretFromPrivateKey(key []byte, teamID, clientID, keyID string) (str
 	if err != nil {
 		return "", err
 	}
-	iat := time.Now()
+	iat := time.Now().Add(-2 * time.Second)
 	exp := iat.Add(time.Hour)
 	return crypto.Sign(&openid.JWTTokenRequest{
 		Issuer:    teamID,