fediz-oidc: fix exp claim when timeToLive specified
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
index 3a9e6e5..9488a0f 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
@@ -137,15 +137,15 @@
idToken.setTokenId(OAuthUtils.generateRandomTokenKey());
// Compute exp claim
- long currentTimeInSecs = System.currentTimeMillis() / 1000L;
- idToken.setIssuedAt(currentTimeInSecs);
+ final long iat = OAuthUtils.getIssuedAt();
+ idToken.setIssuedAt(iat);
HttpSession httpSession = mc.getHttpServletRequest().getSession(false);
if (timeToLive > 0) {
- idToken.setExpiryTime(timeToLive);
+ idToken.setExpiryTime(iat + timeToLive);
} else if (httpSession != null && httpSession.getMaxInactiveInterval() > 0) {
- idToken.setExpiryTime(currentTimeInSecs + httpSession.getMaxInactiveInterval());
+ idToken.setExpiryTime(iat + httpSession.getMaxInactiveInterval());
} else {
- idToken.setExpiryTime(currentTimeInSecs + DEFAULT_TIME_TO_LIVE);
+ idToken.setExpiryTime(iat + DEFAULT_TIME_TO_LIVE);
}
List<String> requestedClaimsList = new ArrayList<String>();
