commit | dfad66128c6ee7513e5565d39bc7b002055dd0d5 | [log] [tgz] |
---|---|---|
author | bojeil-google <bojeil-google@users.noreply.github.com> | Tue Jul 20 10:43:13 2021 -0700 |
committer | GitHub <noreply@github.com> | Tue Jul 20 10:43:13 2021 -0700 |
tree | 5de987d030d79bb69ca9d964ab0d11c3835a860e | |
parent | df9f2f9e9ad0797c4f708c9c8c6da382af7910f3 [diff] |
fix: fallback to source creds expiration in downscoped tokens (#805) For downscoping CAB flow, the STS endpoint may not return the expiration field for certain source credentials. The generated downscoped token should always have the same expiration time as the source credentials. When no `expires_in` field is returned in the response, we can just get the expiration time from the source credentials. Co-authored-by: arithmetic1728 <58957152+arithmetic1728@users.noreply.github.com>