feat: support for oidc max age (#949)

2026-06-20 10:20:15 +00:00 · 2026-06-20 00:21:22 +03:00
parent 7f18b45e21
commit efe373084f
2 changed files with 25 additions and 0 deletions
@@ -6,7 +6,9 @@ import (
 	"fmt"
 	"net/http"
 	"slices"
+	"strconv"
 	"strings"
+	"time"

 	"github.com/gin-gonic/gin"
 	"github.com/gin-gonic/gin/binding"
@@ -217,6 +219,28 @@ func (controller *OIDCController) authorize(c *gin.Context) {
 		values.OIDCPrompt = service.OIDCPromptNone
 	}

+	if req.MaxAge != "" && userContext != nil {
+		maxAge, err := strconv.Atoi(req.MaxAge)
+		if err != nil {
+			controller.authorizeError(c, authorizeErrorParams{
+				err:           err,
+				reason:        "Invalid max_age",
+				reasonPublic:  "The max_age parameter is invalid",
+				callback:      req.RedirectURI,
+				callbackError: "invalid_request",
+				state:         req.State,
+			})
+			return
+		}
+
+		if userContext.Authenticated {
+			authTime := time.Unix(userContext.AuthTime, 0)
+			if authTime.Add(time.Duration(maxAge) * time.Second).Before(time.Now()) {
+				values.OIDCPrompt = service.OIDCPromptLogin
+			}
+		}
+	}
+
 	queries, err := query.Values(values)

 	if err != nil {