Expiration emtpy struct in the token

[Noooste]

Thanks for this middleware that adds teamIds on github. It's really useful!

I encounter some issues with the setup of the middleware on kubernetes: the token doesn't contain any expiration timestamp.

traefik/values.yaml

experimental:
  plugins:
    github-oauth:
      moduleName: "github.com/luizfonseca/traefik-github-oauth-plugin"
      version: v0.7.0

I have deployed the image with helm charts, here is the environment passed to the server:

env:
  - name: GITHUB_OAUTH_CLIENT_ID
    valueFrom:
      secretKeyRef:
        name: github-traefik-credentials
        key: clientId
  - name: GITHUB_OAUTH_CLIENT_SECRET
    valueFrom:
      secretKeyRef:
        name: github-traefik-credentials
        key: clientSecret
  - name: GITHUB_OAUTH_SCOPES
    value: "read:org"
  - name: API_BASE_URL
    value: "https://oauth.<my_domain>"
  - name: SERVER_ADDRESS
    value: ":8080"

and the defined middleware resource:

apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: github-auth
  namespace: traefik
spec:
  plugin:
    github-oauth:
      apiBaseUrl: http://oauth-server.traefik.svc.cluster.local
      authPath: /_auth
      logLevel: debug
      whitelist:
        teams:
          - 14872512

When accessing to one of protected resources, it loops redirect between github and the middleware.

The is the last url before looping
https://<hostname>/_auth?rid=d47m78dtuu8s73cjn630
sets the cookie

set-cookie: com.github.oauth.priv.jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOnt9LCJpZCI6IjgzNTQ4NzMzIiwibG9naW4iOiJOb29vc3RlIiwidGVhbXMiOlsiMTIzNTcwMTIiLCIxNDg3MjUxMiIsIjExODQyMzgxIl19.pM2dGTLnoEzt7CB2mKhVA2jRQb3_MVzkNl4qDFxCsoI;  Expires=Sun, 09 Nov 2025 15:37:06 GMT; HttpOnly

With payload:

{
  "exp": {}, // this should not be empty
  "id": "83548733",
  "login": "Noooste",
  "teams": [
    "12357012",
    "14872512",
    "11842381"
  ]
}

Do you know where it comes from ? Even when setting explicit jwtExpirationInHours: 24 in Middleware declaration I get the same issue. Thanks!

[luizfonseca]

@Noooste I'm not aware of issues in regards to this part... 🤔 -- the source is here

traefik-github-oauth-plugin/internal/pkg/jwt/jwt.go

Line 22 in 5aaa72f

"exp": jwt.NewNumericDate(exp.Add(time.Second * 60)),

to which we run tests against explicitly.

That said, I'll investigate for a bit to see if there was any version bumps that could affect this.

[b2un0]

@luizfonseca

i have the same issue with exactly the same config as @Noooste

in traefik i got this error

service=traefik-github-oauth-middleware level=debug msg=Failed to generate oauth page url: json: cannot unmarshal number into Go value of type struct { OAuthPageURL string "json:"oauth_page_url"" }

[luizfonseca]

Hm this might be on GH side -- I haven't had much time to debug this further, so happy for any pointers or PRs addressing it.