oauth: auto refresh at the target client

lws-team · lws-team · commit fdf5d9519046 · 2026-04-13T12:11:07.000+01:00
diff --git a/include/libwebsockets/lws-jwt-auth.h b/include/libwebsockets/lws-jwt-auth.h
@@ -78,6 +78,16 @@ lws_jwt_auth_get_sub(struct lws_jwt_auth *ja);
 LWS_VISIBLE LWS_EXTERN uint32_t
 lws_jwt_auth_get_uid(struct lws_jwt_auth *ja);
 
+/**
+ * lws_jwt_auth_get_exp() - Extract the expiration timestamp
+ *
+ * \param ja: The opaque helper object
+ *
+ * \return the uint64_t expiration unix timestamp, or 0 if missing.
+ */
+LWS_VISIBLE LWS_EXTERN uint64_t
+lws_jwt_auth_get_exp(struct lws_jwt_auth *ja);
+
 /**
  * lws_jwt_auth_count_grants() - Return the scalar count of active parsed grants
  *
diff --git a/lib/jose/jws/jwt-auth.c b/lib/jose/jws/jwt-auth.c
@@ -275,6 +275,14 @@ lws_jwt_auth_get_uid(struct lws_jwt_auth *ja)
 	return ja->uid;
 }
 
+uint64_t
+lws_jwt_auth_get_exp(struct lws_jwt_auth *ja)
+{
+	if (!ja)
+		return 0;
+	return ja->exp;
+}
+
 uint32_t
 lws_jwt_auth_count_grants(struct lws_jwt_auth *ja)
 {
diff --git a/plugins/protocol_lws_login/protocol_lws_login.c b/plugins/protocol_lws_login/protocol_lws_login.c
@@ -135,6 +135,16 @@ static const char * const canned_js =
         "c+='<strong class=\"lws-login-identity\">'+st.identity+'</strong><br>';"
         "c+=a+' <a class=\"lws-login-link lws-login-logout\" href=\"'+u+'\">Logout</a>';"
         "if(!st.has_grant&&!st.is_admin)c+='<div class=\"lws-login-err\">login lacks grant</div><br>';"
+        "if(st.exp){"
+        "var n=Date.now()/1000;"
+        "var m=st.exp-n;"
+        "if(m>0&&m<86400){"
+        "setTimeout(function(){"
+        "var s=st.login_url.split('redirect_uri=')[0]+'redirect_uri='+encodeURIComponent(window.location.href);"
+        "window.location.href=s;"
+        "},(m-60)*1000);"
+        "}"
+        "}"
         "}else{"
         "var s=st.login_url.split('redirect_uri=')[0]+'redirect_uri='+encodeURIComponent(window.location.href);"
         "c+='<div class=\"lws-login-mb\">Not logged in</div>';"
@@ -984,8 +994,8 @@ callback_lws_login(struct lws *wsi, enum lws_callback_reasons reason,
 				const char *sub = lws_jwt_auth_get_sub(pss->ja);
 				int is_admin = lws_jwt_auth_query_grant(pss->ja, "*") >= 1;
 				int has_grant = lws_jwt_auth_query_grant(pss->ja, service_name) >= vhd->min_grant_level;
-				lws_snprintf(pl, sizeof(pl), "{\"logged_in\":1,\"has_grant\":%d,\"identity\":\"%s\",\"auth_server_url\":\"%s\",\"login_url\":\"%s\",\"is_admin\":%d}",
-					has_grant, sub ? sub : "Unknown", vhd->auth_server_url, dest, is_admin);
+				lws_snprintf(pl, sizeof(pl), "{\"logged_in\":1,\"exp\":%llu,\"has_grant\":%d,\"identity\":\"%s\",\"auth_server_url\":\"%s\",\"login_url\":\"%s\",\"is_admin\":%d}",
+					(unsigned long long)lws_jwt_auth_get_exp(pss->ja), has_grant, sub ? sub : "Unknown", vhd->auth_server_url, dest, is_admin);
 			} else
 				lws_snprintf(pl, sizeof(pl), "{\"logged_in\":0,\"login_url\":\"%s\"}", dest);
 

Original file line number	Diff line number	Diff line change
`@@ -275,6 +275,14 @@ lws_jwt_auth_get_uid(struct lws_jwt_auth *ja)`
`275`	`275`	`return ja->uid;`
`276`	`276`	`}`
`277`	`277`
	`278`	`+uint64_t`
	`279`	`+lws_jwt_auth_get_exp(struct lws_jwt_auth *ja)`
	`280`	`+{`
	`281`	`+ if (!ja)`
	`282`	`+ return 0;`
	`283`	`+ return ja->exp;`
	`284`	`+}`
	`285`	`+`
`278`	`286`	`uint32_t`
`279`	`287`	`lws_jwt_auth_count_grants(struct lws_jwt_auth *ja)`
`280`	`288`	`{`