Token expiry time is read from the token

* Token expiry time is read from the token

Author: mihaj

Directory.Build.props

@@ -1,5 +1,5 @@
 <Project>
   <PropertyGroup>
-    <Version>0.2.2</Version>
+    <Version>0.2.3</Version>
   </PropertyGroup>
 </Project>

README.md

@@ -3,6 +3,7 @@
 [![CodeQL](https://github.com/qatoolkit/qatoolkit-auth-net/workflows/CodeQL%20Analyze/badge.svg)](https://github.com/qatoolkit/qatoolkit-auth-net/security/code-scanning)
 [![Sonarcloud Quality gate](https://github.com/qatoolkit/qatoolkit-auth-net/workflows/Sonarqube%20Analyze/badge.svg)](https://sonarcloud.io/dashboard?id=qatoolkit_qatoolkit-auth-net)
 [![NuGet package](https://img.shields.io/nuget/v/QAToolKit.Auth?label=QAToolKit.Auth)](https://www.nuget.org/packages/QAToolKit.Auth/)
+[![Discord](https://img.shields.io/discord/787220825127780354?color=%23267CB9&label=Discord%20chat)](https://discord.com/invite/tu3WDV5Z?utm_source=Discord%20Widget&utm_medium=Connect)
 
 ## Description
 `QAToolKit.Auth` is a .NET Standard 2.1 library, that retrieves the JWT access tokens from different identity providers.
@@ -12,7 +13,13 @@ Currently it supports next Identity providers and Oauth2 flows:
 - `Azure B2C`: Library supports [AzureB2C](https://azure.microsoft.com/en-us/services/active-directory/external-identities/b2c/) client credentials flow.
 - `Identity Server 4`: Library supports [Identity Server 4](https://identityserver.io/) client credentials [flow](https://identityserver4.readthedocs.io/en/latest/quickstarts/1_client_credentials.html)
 
-Supported .NET frameworks and standards: `netstandard2.0`, `netstandard2.1`, `netcoreapp3.1`, `net5.0`
+Supported .NET frameworks and standards: `netstandard2.0`, `netstandard2.1`, `netcoreapp3.1`, `net5.0`.
+
+Get in touch with me on:
+
+[![Discord](https://img.shields.io/discord/787220825127780354?color=%23267CB9&label=Discord%20chat)](https://discord.com/invite/tu3WDV5Z?utm_source=Discord%20Widget&utm_medium=Connect)
+
+**Please note**: _The token expiration time is read from the tokens and is used to minimize the hits on the token endpoint. Another benefit is faster tests :)._
 
 ## 1. Keycloak support
 

src/QAToolKit.Auth/DefaultTokenService.cs

@@ -9,14 +9,17 @@ namespace QAToolKit.Auth
 {
     internal abstract class DefaultTokenService
     {
+        private const int TokenValidityOffsetSeconds = 15;
         protected readonly HttpClient _client;
         protected readonly Uri _tokenEndpoint;
         protected readonly string _clientId;
         protected readonly string _secret;
         protected readonly string _assemblyName;
         protected readonly string _assemblyVersion;
-        protected string _accessToken = null;
+        
         protected string _clientCredentialsToken = null;
+        private DateTimeOffset? _clientCredentialsTokenValidity = null;
+
         protected string[] _scopes = null;
 
         internal DefaultTokenService(DefaultOptions defaultOptions)
@@ -34,6 +37,11 @@ internal DefaultTokenService(DefaultOptions defaultOptions)
 
         public virtual async Task<string> GetAccessTokenAsync()
         {
+            if (IsAccessTokenValid())
+            {
+                return _clientCredentialsToken;
+            }
+
             await GetClientCredentialsToken();
 
             return _clientCredentialsToken;
@@ -67,13 +75,24 @@ private async Task GetClientCredentialsToken()
                 dynamic body = JObject.Parse(await response.Content.ReadAsStringAsync());
 
                 _clientCredentialsToken = body.access_token;
+                int expiresIn = body.expires_in;
+
+                _clientCredentialsTokenValidity = DateTimeOffset.Now.AddSeconds(expiresIn);
 
                 return;
             }
 
             throw new UnauthorizedClientException(await response.Content.ReadAsStringAsync());
         }
 
+        private bool IsAccessTokenValid()
+        {
+            if (_clientCredentialsToken == null || !_clientCredentialsTokenValidity.HasValue)
+                return false;
+
+            return _clientCredentialsTokenValidity.Value.AddSeconds(-TokenValidityOffsetSeconds) >= DateTimeOffset.Now;
+        }
+
         protected HttpRequestMessage CreateBasicTokenEndpointRequest()
         {
             var request = new HttpRequestMessage(HttpMethod.Post, _tokenEndpoint);

src/QAToolKit.Auth/Keycloak/KeycloakTokenService.cs

@@ -9,11 +9,20 @@ namespace QAToolKit.Auth.Keycloak
 {
     internal class KeycloakTokenService : DefaultTokenService
     {
+        private const int TokenValidityOffsetSeconds = 15;
+        private readonly string AccessToken = null;
+        private DateTimeOffset? AccessTokenValidity = null;
+
         public KeycloakTokenService(KeycloakOptions keycloakOptions) : base(keycloakOptions)
         { }
 
         internal async Task<string> ExchangeTokenForUserToken(string userName)
         {
+            if (IsAccessTokenValid())
+            {
+                return AccessToken;
+            }
+
             var impersonatedTokenRequest = CreateBasicTokenEndpointRequest();
 
             if (impersonatedTokenRequest == null)
@@ -36,9 +45,12 @@ internal async Task<string> ExchangeTokenForUserToken(string userName)
             {
                 if (!string.IsNullOrEmpty(contentStr))
                 {
-                    dynamic content = JObject.Parse(contentStr);
+                    dynamic body = JObject.Parse(contentStr);
+                    int expiresIn = body.expires_in;
+
+                    AccessTokenValidity = DateTimeOffset.Now.AddSeconds(expiresIn);
 
-                    return content.access_token;
+                    return body.access_token;
                 }
                 else
                 {
@@ -50,5 +62,13 @@ internal async Task<string> ExchangeTokenForUserToken(string userName)
                 throw new AccessDeniedException(contentStr);
             }
         }
+
+        private bool IsAccessTokenValid()
+        {
+            if (AccessToken == null || !AccessTokenValidity.HasValue)
+                return false;
+
+            return AccessTokenValidity.Value.AddSeconds(-TokenValidityOffsetSeconds) >= DateTimeOffset.Now;
+        }
     }
 }