Client Session Max set never expires is not working anymore since 22.0.0 #21927
Description
Before reporting an issue
- I have searched existing issues
- I have reproduced the issue with the latest nightly release
Area
oidc
Describe the bug
A standard
{"error":"invalid_grant","error_description":"User session not found"}
Version
22.0.1
Expected behavior
The user is able to login to the session as usual
Actual behavior
The login is not succesful. There always occurs a CODE_TO_TOKEN_ERROR with the following response
{"error":"invalid_grant","error_description":"User session not found"}
How to Reproduce?
Configure a client to "Client Session Max" = "never expires" in the Advance Settings
Try to login with this client for a webui
Anything else?
I'm not sure but I think the problem happens in SessionExpirationUtils.calculateClientSessionMaxLifespanTimestamp
In case of "Never expires" clientSessionMaxLifespanPerClient will be -1 after this line.
String clientSessionMaxLifespanPerClient = client == null? null : client.getAttribute(OIDCConfigAttributes.CLIENT_SESSION_MAX_LIFESPAN);
I think it was introduced with