From 7213603a3d9ddb57018396460d270597c6e827a7 Mon Sep 17 00:00:00 2001
From: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Date: Mon, 11 Nov 2024 16:05:28 -0500
Subject: [PATCH] Tests/extend token validity (#1669)

### Feature or Bugfix
<!-- please choose -->
- Tests


### Detail
- Extend Token Validity if integration tests enabled to account for
tests runtime
- Add Env Variable change to cognito URLs Custom Resource to force
re-run and setting callback URLs
- @petrkalos - let me know if you had come up with a better solution to
this part of custom resource execution

### Relates
- <URL or Ticket>

### Security
Please answer the questions below briefly where applicable, or write
`N/A`. Based on
[OWASP 10](https://owasp.org/Top10/en/).

- Does this PR introduce or modify any input fields or queries - this
includes
fetching data from storage outside the application (e.g. a database, an
S3 bucket)?
  - Is the input sanitized?
- What precautions are you taking before deserializing the data you
consume?
  - Is injection prevented by parametrizing queries?
  - Have you ensured no `eval` or similar functions are used?
- Does this PR introduce any functionality or component that requires
authorization?
- How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  - Are you logging failed auth attempts?
- Are you using or adding any cryptographic features?
  - Do you use a standard proven implementations?
  - Are the used keys controlled by the customer? Where are they stored?
- Are you introducing any new policies/roles/users?
  - Have you used the least-privilege principle? How?


By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
---
 deploy/stacks/cognito.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deploy/stacks/cognito.py b/deploy/stacks/cognito.py
index 78bd4d20c..ed18225fc 100644
--- a/deploy/stacks/cognito.py
+++ b/deploy/stacks/cognito.py
@@ -100,7 +100,7 @@ def __init__(
                 domain_prefix=f"{resource_prefix.replace('-', '')}{envname}{self.region.replace('-', '')}{self.account}"
             ),
         )
-        id_token_duration = 120 if with_approval_tests else 60
+        id_token_duration = 180 if with_approval_tests else 60
         self.client = cognito.UserPoolClient(
             self,
             f'AppClient-{envname}',