idtoken caching does not handle missing age in http response header #1711
Labels
priority: p2
Moderately-important priority. Fix may not be included in next release.
type: bug
Error or flaw in code with unintended results or allowing sub-optimal usage patterns.
In function calculateExpireTime (see
google-api-go-client/idtoken/cache.go
Lines 98 to 119 in 977e871
According to https://httpwg.org/specs/rfc9111.html#age.calculations, a missing "age" field in the response header should be allowed and treated as if it was 0. So I think we should allow it to be missing.
The text was updated successfully, but these errors were encountered: