From ec2291733edb9bc6762c728a4ce019c76d52b9c6 Mon Sep 17 00:00:00 2001
From: Rohith Jayawardene <gambol99@gmail.com>
Date: Fri, 6 Jan 2017 11:48:40 +0000
Subject: [PATCH] Release v2.0.0 (#170)

- pushing out version v2.0.0
- updated changelog to reflect changes
---
 CHANGELOG.md |  4 ++--
 doc.go       |  2 +-
 handlers.go  | 10 ++++++++--
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d2b4229..c4bcd5c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,5 @@
 
-#### **2.0.0 (unreleased or in master)**
+#### **2.0.0**
 
 FEATURES:
  * Adding the --skip-openid-provider-tls-verify option to bypass the TLS verification for Idp [#PR147](https://github.com/gambol99/keycloak-proxy/pull/147)
@@ -19,7 +19,7 @@ BREAKING CHANGES:
  * Changed the command line options scope -> scopes
  * Changed the command line options log-json-format -> json-format
  * Changed the command line options resource -> resources
- * Changed the command line options tags -> tags 
+ * Changed the command line options tags -> tags
 
 #### **1.2.8**
 
diff --git a/doc.go b/doc.go
index a833f6f..6811ee0 100644
--- a/doc.go
+++ b/doc.go
@@ -24,7 +24,7 @@ import (
 )
 
 var (
-	release = "v1.2.8"
+	release = "v2.0.0"
 	gitsha  = "no gitsha provided"
 	version = release + " (git+sha: " + gitsha + ")"
 )
diff --git a/handlers.go b/handlers.go
index 04b62e8..910cf84 100644
--- a/handlers.go
+++ b/handlers.go
@@ -169,9 +169,15 @@ func (r *oauthProxy) oauthCallbackHandler(cx *gin.Context) {
 					"error": err.Error(),
 				}).Warnf("failed to save the refresh token in the store")
 			}
+			// step: get expiration of the refresh token if we can
+			_, ident, err := parseToken(response.RefreshToken)
+			if err != nil {
+				r.dropAccessTokenCookie(cx, session.Encode(), time.Duration(72)*time.Hour)
+			} else {
+				r.dropAccessTokenCookie(cx, session.Encode(), ident.ExpiresAt.Sub(time.Now()))
+			}
 		default:
-			// step: attempt to decode the refresh token (not all refresh tokens are jwt tokens;
-			// gooogle for instance.
+			// step: attempt to decode the refresh token (not all refresh tokens are jwt tokens; google for instance.
 			if _, ident, err := parseToken(response.RefreshToken); err != nil {
 				r.dropRefreshTokenCookie(cx, encrypted, time.Duration(72)*time.Hour)
 			} else {
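Review bot: In the store branch the lifetime passed to `dropAccessTokenCookie` is `ident.ExpiresAt.Sub(time.Now())` with no check that the result is positive. A refresh token whose expiry claim is missing, zero or already in the past would therefore produce a zero or negative cookie duration; how `dropAccessTokenCookie` handles that is not visible in this hunk, so it should be confirmed or guarded. I would fall back to the 72-hour default both when parsing fails and when the remaining lifetime is not positive. A comment should also say that the access cookie is deliberately kept for the refresh token's lifetime, because the refresh token itself lives in the store. The `default` branch may have the same unchecked subtraction, but its `else` body is outside the hunk, as are the start and end of oauthCallbackHandler.

```go
			// step: keep the access cookie for the refresh token's lifetime (the refresh
			// token lives in the store); fall back to 72h if the expiry is unusable
			duration := time.Duration(72) * time.Hour
			if _, ident, err := parseToken(response.RefreshToken); err == nil {
				if remaining := ident.ExpiresAt.Sub(time.Now()); remaining > 0 {
					duration = remaining
				}
			}
			r.dropAccessTokenCookie(cx, session.Encode(), duration)
		// … unchanged: default branch dropping the refresh token cookie …
```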
-- 
GitLab