From 3df5f6c6eb44a0ae5e333dc5fcf646061495659b Mon Sep 17 00:00:00 2001
From: jano3 <jano@uafrica.com>
Date: Tue, 7 Feb 2023 11:21:01 +0200
Subject: [PATCH] Return session token if JWT is expired

---
 auth/session.go | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/auth/session.go b/auth/session.go
index c7c81e4..009cef2 100644
--- a/auth/session.go
+++ b/auth/session.go
@@ -51,17 +51,19 @@ func GetSignedSessionTokenString(request events.APIGatewayProxyRequest, secretKe
 
 // ValidateJWTWithSessionTokens attempts to validate the JWT string by signing each session token using the secret, and
 // using the resulting signed session token to validate the JWT. If the JWT can be validated using a session token, the
-// JsonWebToken is returned, otherwise nil is returned.
-func ValidateJWTWithSessionTokens(jsonWebTokenString string, secretKey string, sessionTokens []string) *JsonWebToken {
+// JsonWebToken is returned, otherwise nil is returned. If the JWT is expired, nil is returned along with the session token.
+func ValidateJWTWithSessionTokens(jsonWebTokenString string, secretKey string, sessionTokens []string) (validJsonWebToken *JsonWebToken, expiredSessionToken *string) {
 	// Test each session token to find one that is valid
 	for _, sessionToken := range sessionTokens {
 		jsonWebToken, err := ValidateJWTWithSessionToken(jsonWebTokenString, secretKey, sessionToken)
 		if err == nil {
-			return &jsonWebToken
+			return &jsonWebToken, nil
+		} else if err.Error() == "token has expired" {
+			return nil, &sessionToken
 		}
 	}
 
-	return nil
+	return nil, nil
 }
 
 // FindAndRemoveCurrentSessionToken attempts to validate the JWT string by signing each session token using the secret,
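Review bot: The new branch `} else if err.Error() == "token has expired" {` decides whether to hand a session token back to the caller by comparing the error's text, so any rewording or wrapping of that error inside ValidateJWTWithSessionToken (not visible in this hunk) would silently stop the branch from matching. A sentinel error checked with `errors.Is(err, <expired-sentinel>)` would be sturdier; the placeholder stands for whatever value the validator exports. It is also worth confirming that the validator reports expiry only after the signature has verified against that session token. If expiry is checked first, an expired JWT would return the first entry of `sessionTokens` regardless of which token signed it, and the loop would never try the rest. Once confirmed, the doc comment could record the guarantee, for example `// expiredSessionToken is set only when the JWT's signature verified with that token but its expiry has passed.`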
-- 
GitLab