dkam/clinch
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Wiki Activity

We already have a login_time stored - the time stamp of the Session instance creation ( created after successful login ).

Browse Source
This commit is contained in:
Dan Milne
2025-12-31 16:45:45 +11:00
parent 4b4afe277e
commit 3939ea773f
3 changed files with 13 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app/controllers/oidc_controller.rb
View File

@@ -412,13 +412,14 @@ class OidcController < ApplicationController
end
# Generate ID token (JWT) with pairwise SID, at_hash, and auth_time
# auth_time comes from the Session model's created_at (when user logged in)
id_token = OidcJwtService.generate_id_token(
user,
application,
consent: consent,
nonce: auth_code.nonce,
access_token: access_token_record.plaintext_token,
auth_time: session[:auth_time]
auth_time: Current.session.created_at.to_i
)
# Return tokens
@@ -536,12 +537,13 @@ class OidcController < ApplicationController
end
# Generate new ID token (JWT with pairwise SID, at_hash, and auth_time; no nonce for refresh grants)
# auth_time comes from the Session model's created_at (when user logged in)
id_token = OidcJwtService.generate_id_token(
user,
application,
consent: consent,
access_token: new_access_token.plaintext_token,
auth_time: session[:auth_time]
auth_time: Current.session.created_at.to_i
)
# Return new tokens