OnBehalfOf claims take second duration (#10664)

OnBehalfOf claims take second duration

Signed-off-by: Stephen Crawford <[email protected]>

Author: stephen-crawford

CHANGELOG.md

@@ -10,7 +10,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - Allow mmap to use new JDK-19 preview APIs in Apache Lucene 9.4+ ([#5151](https://github.com/opensearch-project/OpenSearch/pull/5151))
 - Add events correlation engine plugin ([#6854](https://github.com/opensearch-project/OpenSearch/issues/6854))
 - Introduce new dynamic cluster setting to control slice computation for concurrent segment search ([#9107](https://github.com/opensearch-project/OpenSearch/pull/9107))
-- Implement on behalf of token passing for extensions ([#8679](https://github.com/opensearch-project/OpenSearch/pull/8679))
+- Implement on behalf of token passing for extensions ([#8679](https://github.com/opensearch-project/OpenSearch/pull/8679), [#10664](https://github.com/opensearch-project/OpenSearch/pull/10664))
 - Provide service accounts tokens to extensions ([#9618](https://github.com/opensearch-project/OpenSearch/pull/9618))
 - [Admission control] Add enhancements to FS stats to include read/write time, queue size and IO time ([#10541](https://github.com/opensearch-project/OpenSearch/pull/10541))
 - [Admission control] Add Resource usage collector service and resource usage tracker  ([#9890](https://github.com/opensearch-project/OpenSearch/pull/9890))

server/src/main/java/org/opensearch/identity/tokens/AuthToken.java

@@ -16,4 +16,5 @@
 public interface AuthToken {
 
     String asAuthHeaderValue();
+
 }

server/src/main/java/org/opensearch/identity/tokens/OnBehalfOfClaims.java

@@ -14,46 +14,17 @@
 public class OnBehalfOfClaims {
 
     private final String audience;
-    private final String subject;
-    private final Long expiration;
-    private final Long not_before;
-    private final Long issued_at;
+    private final Long expiration_seconds;
 
     /**
      * Constructor for OnBehalfOfClaims
      * @param aud the Audience for the token
-     * @param subject the subject of the token
-     * @param expiration the expiration time in seconds for the token
-     * @param not_before the not_before time in seconds for the token
-     * @param issued_at the issued_at time in seconds for the token
-     */
-    public OnBehalfOfClaims(String aud, String subject, Long expiration, Long not_before, Long issued_at) {
-        this.audience = aud;
-        this.subject = subject;
-        this.expiration = expiration;
-        this.not_before = not_before;
-        this.issued_at = issued_at;
-    }
-
-    /**
-     * A constructor that sets a default issued at time of the current time
-     * @param aud the Audience for the token
-     * @param subject the subject of the token
-     * @param expiration the expiration time in seconds for the token
-     * @param not_before the not_before time in seconds for the token
-     */
-    public OnBehalfOfClaims(String aud, String subject, Long expiration, Long not_before) {
-        this(aud, subject, expiration, not_before, System.currentTimeMillis() / 1000);
-    }
+     * @param expiration_seconds the length of time in seconds the token is valid
 
-    /**
-     * A constructor which sets a default not before time of the current time
-     * @param aud the Audience for the token
-     * @param subject the subject of the token
-     * @param expiration the expiration time in seconds for the token
      */
-    public OnBehalfOfClaims(String aud, String subject, Long expiration) {
-        this(aud, subject, expiration, System.currentTimeMillis() / 1000);
+    public OnBehalfOfClaims(String aud, Long expiration_seconds) {
+        this.audience = aud;
+        this.expiration_seconds = expiration_seconds;
     }
 
     /**
@@ -62,26 +33,14 @@ public OnBehalfOfClaims(String aud, String subject, Long expiration) {
      * @param subject the subject of the token
      */
     public OnBehalfOfClaims(String aud, String subject) {
-        this(aud, subject, System.currentTimeMillis() / 1000 + 300);
+        this(aud, 300L);
     }
 
     public String getAudience() {
         return audience;
     }
 
-    public String getSubject() {
-        return subject;
-    }
-
     public Long getExpiration() {
-        return expiration;
-    }
-
-    public Long getNot_before() {
-        return not_before;
-    }
-
-    public Long getIssued_at() {
-        return issued_at;
+        return expiration_seconds;
     }
 }