return 401 Unauthorized on expired apiKeys

overture-stack · Aug 8, 2023 · b825425 · b825425
1 parent 00d898f
commit b825425
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/main/java/bio/overture/ego/service/TokenService.java b/src/main/java/bio/overture/ego/service/TokenService.java
@@ -407,7 +407,7 @@ public ApiKeyScopeResponse checkApiKey(final String apiKey) {
     val aK =
         findByApiKeyString(apiKey).orElseThrow(() -> new InvalidTokenException("ApiKey not found"));
 
-    if (aK.isRevoked())
+    if (aK.isRevoked() || aK.getSecondsUntilExpiry() == 0)
       throw new InvalidTokenException(
           format("ApiKey \"%s\" has expired or is no longer valid. ", apiKey));