Fixes manfredsteyer#1318 by multiplying decreaseExpirationBySec with 1000. Also fixes wrong subtraction of getClockSkewInMsec

IchbinkeinReh · IchbinkeinReh · commit 53865ae8305f · 2023-12-01T14:50:10.000+01:00
Signed-off-by: Patrick Bender &lt;Patrick.Bender@softgarden.de&gt;
diff --git a/projects/lib/src/oauth-service.ts b/projects/lib/src/oauth-service.ts
@@ -2268,7 +2268,7 @@ export class OAuthService extends AuthConfig implements OnDestroy {
 
     if (
       issuedAtMSec - clockSkewInMSec >= now ||
-      expiresAtMSec + clockSkewInMSec - this.decreaseExpirationBySec <= now
+      expiresAtMSec + clockSkewInMSec - this.decreaseExpirationBySec * 1000 <= now
     ) {
       const err = 'Token has expired';
       console.error(err);
@@ -2424,8 +2424,7 @@ export class OAuthService extends AuthConfig implements OnDestroy {
       const now = this.dateTimeService.new();
       if (
         expiresAt &&
-        parseInt(expiresAt, 10) - this.decreaseExpirationBySec <
-          now.getTime() - this.getClockSkewInMsec()
+        parseInt(expiresAt, 10) - this.decreaseExpirationBySec * 1000 < now.getTime()
       ) {
         return false;
       }
