Skip to content

Commit

Permalink
Merge pull request #726 from overture-stack/fix/725-check_expired_apiKey
Browse files Browse the repository at this point in the history
return 401 Unauthorized on expired apiKeys
  • Loading branch information
leoraba authored Aug 11, 2023
2 parents 00d898f + b825425 commit 30c3485
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/main/java/bio/overture/ego/service/TokenService.java
Original file line number Diff line number Diff line change
Expand Up @@ -407,7 +407,7 @@ public ApiKeyScopeResponse checkApiKey(final String apiKey) {
val aK =
findByApiKeyString(apiKey).orElseThrow(() -> new InvalidTokenException("ApiKey not found"));

if (aK.isRevoked())
if (aK.isRevoked() || aK.getSecondsUntilExpiry() == 0)
throw new InvalidTokenException(
format("ApiKey \"%s\" has expired or is no longer valid. ", apiKey));

Expand Down

0 comments on commit 30c3485

Please sign in to comment.