From 97eadbc00fdecaa773de6d279fe3d6767bd48fb1 Mon Sep 17 00:00:00 2001
From: Stavros
Date: Fri, 19 Jun 2026 18:41:39 +0300
Subject: [PATCH] feat: support for oidc max age
---
 internal/controller/oidc_controller.go | 24 ++++++++++++++++++++++++
 internal/service/oidc_service.go | 1 +
 2 files changed, 25 insertions(+)
diff --git a/internal/controller/oidc_controller.go b/internal/controller/oidc_controller.go
index f7b8d88a..1ab3b663 100644
--- a/internal/controller/oidc_controller.go
+++ b/internal/controller/oidc_controller.go
@@ -6,7 +6,9 @@ import (
 "fmt"
 "net/http"
 "slices"
+ "strconv"
 "strings"
+ "time"

 "github.com/gin-gonic/gin"
 "github.com/gin-gonic/gin/binding"
@@ -217,6 +219,28 @@ func (controller *OIDCController) authorize(c *gin.Context) {
 values.OIDCPrompt = service.OIDCPromptNone
 }

+ if req.MaxAge != "" {
+ maxAge, err := strconv.Atoi(req.MaxAge)
+ if err != nil {
+ controller.authorizeError(c, authorizeErrorParams{
+ err: err,
+ reason: "Invalid max_age",
+ reasonPublic: "The max_age parameter is invalid",
+ callback: req.RedirectURI,
+ callbackError: "invalid_request",
+ state: req.State,
+ })
+ return
+ }
+
+ if userContext.Authenticated {
+ authTime := time.Unix(userContext.AuthTime, 0)
+ if authTime.Add(time.Duration(maxAge) * time.Second).Before(time.Now()) {
+ values.OIDCPrompt = service.OIDCPromptLogin
+ }
+ }
+ }
+
 queries, err := query.Values(values)

 if err != nil {
diff --git a/internal/service/oidc_service.go b/internal/service/oidc_service.go
index b274db81..82bbecbd 100644
--- a/internal/service/oidc_service.go
+++ b/internal/service/oidc_service.go
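Review bot: In the second hunk of internal/controller/oidc_controller.go, `strconv.Atoi(req.MaxAge)` accepts negative and very large values, and on 64-bit builds `time.Duration(maxAge) * time.Second` wraps once max_age exceeds about 9.2 billion seconds, so the `authTime.Add(...).Before(time.Now())` comparison can run against a meaningless duration. max_age is a count of seconds, so a signed or out-of-range value is better rejected through the existing `invalid_request` path, for example with `maxAge, err := strconv.ParseUint(req.MaxAge, 10, 32)`, which keeps the product within int64 nanoseconds. The block also assigns `values.OIDCPrompt = service.OIDCPromptLogin` even when the preceding context lines have just set `service.OIDCPromptNone`; OpenID Connect expects a prompt=none request that needs re-authentication to fail with `login_required` rather than show a login page, so that case probably deserves its own branch unless it is handled later in authorize, whose body starts and ends outside the hunk. A short comment above the block, e.g. `// max_age: force re-authentication when the session is older than the client allows`, would help too.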
@@ -128,6 +128,7 @@ type AuthorizeRequest struct {
 CodeChallenge string `form:"code_challenge" json:"code_challenge" url:"code_challenge"`
 CodeChallengeMethod string `form:"code_challenge_method" json:"code_challenge_method" url:"code_challenge_method"`
 Prompt string `form:"prompt" json:"prompt" url:"prompt"`
+ MaxAge string `form:"max_age" json:"max_age" url:"max_age"`
 }

 type AuthorizeCodeEntry struct {