Merge pull request #20954 from jdavcs/25.0_refresh_token_fix

dannon · web-flow · commit 7a5abce4f57f · 2025-09-30T09:47:15.000-04:00
[25.0] Check for expiration in refresh token dictionary
diff --git a/lib/galaxy/authnz/psa_authnz.py b/lib/galaxy/authnz/psa_authnz.py
@@ -191,11 +191,8 @@ def refresh(self, trans, user_authnz_token):
         ):
             return False
         # refresh tokens if they reached their half lifetime
-        if "expires" in user_authnz_token.extra_data:
-            expires = user_authnz_token.extra_data["expires"]
-        elif "expires_in" in user_authnz_token.extra_data:
-            expires = user_authnz_token.extra_data["expires_in"]
-        else:
+        expires = self._try_to_locate_refresh_token_expiration(user_authnz_token.extra_data)
+        if not expires:
             log.debug("No `expires` or `expires_in` key found in token extra data, cannot refresh")
             return False
         if (
@@ -212,6 +209,14 @@ def refresh(self, trans, user_authnz_token):
             return True
         return False
 
+    def _try_to_locate_refresh_token_expiration(self, extra_data):
+        return (
+            extra_data.get("expires", None)
+            or extra_data.get("expires_in", None)
+            or extra_data["refresh_token"].get("expires", None)
+            or extra_data["refresh_token"].get("expires_in", None)
+        )
+
     def authenticate(self, trans, idphint=None):
         on_the_fly_config(trans.sa_session)
         strategy = Strategy(trans.request, trans.session, Storage, self.config)
