From b895f49c52ef3d37fa4ab55e656b5e279d3237d9 Mon Sep 17 00:00:00 2001
From: Brian Van Klaveren <bvan@slac.stanford.edu>
Date: Tue, 12 Feb 2019 10:32:26 -0800
Subject: [PATCH] Use idToken expiry because that's the time checked for
 refresh RefreshSessionIfNeeded checks the token expiry, we want to use the ID
 token's expiry

---
 providers/oidc.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/providers/oidc.go b/providers/oidc.go
index 08ea082..b0d2dda 100644
--- a/providers/oidc.go
+++ b/providers/oidc.go
@@ -128,7 +128,7 @@ func (p *OIDCProvider) createSessionState(ctx context.Context, token *oauth2.Tok
 		IDToken:      rawIDToken,
 		RefreshToken: token.RefreshToken,
 		CreatedAt:    time.Now(),
-		ExpiresOn:    token.Expiry,
+		ExpiresOn:    idToken.Expiry,
 		Email:        claims.Email,
 		User:         claims.Subject,
 	}, nil