fix(Wrapper): Fixes handling of optional expires_in attribute in Ac…

…cess Token - Fixes #439 - Properly handles `expires_in` being OPTIONAl according to spec. (See: 3.2.2.5. Successful Authentication Response)
oidc-wp · May 9, 2024 · 5ef802d · 5ef802d
1 parent 0038ce7
commit 5ef802d
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/includes/openid-connect-generic-client-wrapper.php b/includes/openid-connect-generic-client-wrapper.php
@@ -737,11 +737,13 @@ public function save_refresh_token( $manager, $token, $token_response ) {
 		}
 		$session = $manager->get( $token );
 		$now = time();
+
 		$session[ $this->cookie_token_refresh_key ] = array(
-			'next_access_token_refresh_time' => $token_response['expires_in'] + $now,
+			'next_access_token_refresh_time' => $now + ( $token_response['expires_in'] ?? 0 ),
 			'refresh_token' => isset( $token_response['refresh_token'] ) ? $token_response['refresh_token'] : false,
 			'refresh_expires' => false,
 		);
+
 		if ( isset( $token_response['refresh_expires_in'] ) ) {
 			$refresh_expires_in = $token_response['refresh_expires_in'];
 			if ( $refresh_expires_in > 0 ) {