From fa30a51cadaa70098a865ad19bed881c150f4c75 Mon Sep 17 00:00:00 2001
From: Livio Spring
Date: Fri, 26 Apr 2024 17:46:15 +0200
Subject: [PATCH] fix: improve secret generation for apple idp (#7843)
* fix: improve secret generation for apple idp
* remove accidental commit
* change exp time
* change exp time
* change exp time
* change exp time
(cherry picked from commit 6ab06aa249e759b9939d3fadb6d0fcea71539fc8)
---
internal/api/ui/login/external_provider_handler.go | 4 ++++
internal/idp/providers/apple/apple.go | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/internal/api/ui/login/external_provider_handler.go b/internal/api/ui/login/external_provider_handler.go
index 98c2dde6ff..3cd14c0a72 100644
--- a/internal/api/ui/login/external_provider_handler.go
+++ b/internal/api/ui/login/external_provider_handler.go
@@ -336,6 +336,10 @@ func (l *Login) handleExternalLoginCallback(w http.ResponseWriter, r *http.Reque
 user, err := session.FetchUser(r.Context())
 if err != nil {
+ logging.WithFields(
+ "instance", authz.GetInstance(r.Context()).InstanceID(),
+ "providerID", identityProvider.ID,
+ ).WithError(err).Info("external authentication failed")
 l.externalAuthFailed(w, r, authReq, tokens(session), user, err)
 return
 }
diff --git a/internal/idp/providers/apple/apple.go b/internal/idp/providers/apple/apple.go
index 65debed1a3..57023410d1 100644
--- a/internal/idp/providers/apple/apple.go
+++ b/internal/idp/providers/apple/apple.go
@@ -56,7 +56,7 @@ func clientSecretFromPrivateKey(key []byte, teamID, clientID, keyID string) (str
 if err != nil {
 return "", err
 }
- iat := time.Now()
+ iat := time.Now().Add(-2 * time.Second)
 exp := iat.Add(time.Hour)
 return crypto.Sign(&openid.JWTTokenRequest{
 Issuer: teamID,
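Review bot: The new log entry in handleExternalLoginCallback records the FetchUser error verbatim at Info level, and nothing in the hunk shows what that error can contain. If the provider's token-endpoint response or other exchange details are embedded in it, they end up in the application log, so it is worth confirming that the error carries only an error code and description. The entry also has no field tying it to the login flow; adding the auth request identifier next to `"providerID", identityProvider.ID,` would let an operator correlate a failed external login with the request that triggered it. Failed authentications are usually easier to alert on at warning level, e.g. `).WithError(err).Warn("external authentication failed")`, assuming the logging package used here offers it. The function body starts and ends outside the hunk.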
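Review bot: The two-second backdating of `iat` in clientSecretFromPrivateKey is an unexplained magic number, and the hunk gives no reason for it. Presumably it keeps the issued-at claim from landing in the future when the local clock runs slightly ahead of the verifier's; if so, a comment such as `// backdate iat so minor clock skew does not make the client secret look issued in the future` and a named constant for the tolerance would make that intent reviewable. Skew above two seconds would still produce a rejected secret, and `exp` is derived from the backdated `iat`, so the lifetime stays one hour measured from that earlier instant. The function continues past the end of the hunk.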