Add expires_in to introspection responses (#4241)

Closes #4224 Corresponds to: element-hq/synapse#18231
2026-05-25 20:44:31 +00:00 · 2025-03-17 11:10:05 +00:00
parent 878efa1b69 910630c9b8
commit f73b5df85d
2 changed files with 14 additions and 0 deletions
@@ -151,6 +151,7 @@ const INACTIVE: IntrospectionResponse = IntrospectionResponse {
    username: None,
    token_type: None,
    exp: None,
+    expires_in: None,
    iat: None,
    nbf: None,
    sub: None,
@@ -281,6 +282,9 @@ pub(crate) async fn post(
                username,
                token_type: Some(OAuthTokenTypeHint::AccessToken),
                exp: access_token.expires_at,
+                expires_in: access_token
+                    .expires_at
+                    .map(|expires_at| expires_at.signed_duration_since(clock.now())),
                iat: Some(access_token.created_at),
                nbf: Some(access_token.created_at),
                sub,
@@ -341,6 +345,7 @@ pub(crate) async fn post(
                username,
                token_type: Some(OAuthTokenTypeHint::RefreshToken),
                exp: None,
+                expires_in: None,
                iat: Some(refresh_token.created_at),
                nbf: Some(refresh_token.created_at),
                sub,
@@ -414,6 +419,9 @@ pub(crate) async fn post(
                username: Some(user.username),
                token_type: Some(OAuthTokenTypeHint::AccessToken),
                exp: access_token.expires_at,
+                expires_in: access_token
+                    .expires_at
+                    .map(|expires_at| expires_at.signed_duration_since(clock.now())),
                iat: Some(access_token.created_at),
                nbf: Some(access_token.created_at),
                sub: Some(user.sub),
@@ -487,6 +495,7 @@ pub(crate) async fn post(
                username: Some(user.username),
                token_type: Some(OAuthTokenTypeHint::RefreshToken),
                exp: None,
+                expires_in: None,
                iat: Some(refresh_token.created_at),
                nbf: Some(refresh_token.created_at),
                sub: Some(user.sub),
@@ -767,6 +767,11 @@ pub struct IntrospectionResponse {
    #[serde_as(as = "Option<TimestampSeconds>")]
    pub exp: Option<DateTime<Utc>>,

+    /// Relative timestamp indicating when the token will expire,
+    /// in seconds from the current instant.
+    #[serde_as(as = "Option<DurationSeconds<i64>>")]
+    pub expires_in: Option<Duration>,
+
    /// Timestamp indicating when the token was issued.
    #[serde_as(as = "Option<TimestampSeconds>")]
    pub iat: Option<DateTime<Utc>>,