Add option in settings to disregard JWT exp issues

2022-03-30 15:17:11 -04:00
parent 86e171f13d
commit 9dc18ac81b
3 changed files with 17 additions and 3 deletions
--- a/service/esiAccess.py
+++ b/service/esiAccess.py
@@ -241,7 +241,7 @@ class EsiAccess:
                algorithms=jwk_set["alg"],
                issuer=[self.server_base.sso, "https://%s" % self.server_base.sso],
                # ignore "aud" claim: https://tweetfleet.slack.com/archives/C30KX8UUX/p1648495011905969
-                options={"verify_aud": False}
+                options={"verify_aud": False, "verify_exp": self.settings.get("enforceJwtExpiration")}
            )
        except ExpiredSignatureError as e:
            raise GenericSsoError("The JWT token has expired: {}".format(str(e)))