Skip to content

feat(jwt-exp): exp claim at the access entry level#3761

Merged
andaaron merged 1 commit intoproject-zot:mainfrom
matheuscscp:fine-jwt-exp
Feb 1, 2026
Merged

feat(jwt-exp): exp claim at the access entry level#3761
andaaron merged 1 commit intoproject-zot:mainfrom
matheuscscp:fine-jwt-exp

Conversation

@matheuscscp
Copy link
Copy Markdown
Contributor

@matheuscscp matheuscscp commented Feb 1, 2026

Closes: #3755

@codecov
Copy link
Copy Markdown

codecov bot commented Feb 1, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.60%. Comparing base (063014a) to head (ba3dee1).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #3761   +/-   ##
=======================================
  Coverage   91.60%   91.60%           
=======================================
  Files         189      189           
  Lines       26930    26932    +2     
=======================================
+ Hits        24670    24672    +2     
  Misses       1460     1460           
  Partials      800      800

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@rchincha rchincha requested a review from Copilot February 1, 2026 20:27
Copilot AI reviewed Feb 1, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR implements fine-grained JWT access entry expiration, allowing individual resource access entries within a JWT bearer token to have their own expiration times. This addresses issue #3755 and enables use cases like enterprise licenses where different products/repositories can have different expiration times within the same token.

Changes:

  • Added optional ExpiresAt field to ResourceAccess struct in the bearer authentication system
  • Implemented expiration validation logic that skips expired access entries while allowing valid ones
  • Added comprehensive test coverage for the new per-entry expiration feature

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
pkg/api/bearer.go Added optional ExpiresAt field to ResourceAccess struct and implemented expiration check in authorization logic
pkg/api/bearer_test.go Added comprehensive test cases covering future expiration, past expiration, mixed expired/valid entries, and all-expired scenarios

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@matheuscscp
Copy link
Copy Markdown
Contributor Author

matheuscscp commented Feb 1, 2026

@andaaron Should I rebase this one?

@andaaron
Copy link
Copy Markdown
Contributor

andaaron commented Feb 1, 2026

@andaaron Should I rebase this one?

yes.

@matheuscscp
Copy link
Copy Markdown
Contributor Author

matheuscscp commented Feb 1, 2026

On it!

@matheuscscp
feat(jwt-exp): exp claim at the access entry level
ba3dee1 
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
@andaaron andaaron merged commit b9aad15 into project-zot:main Feb 1, 2026
42 checks passed
@matheuscscp matheuscscp deleted the fine-jwt-exp branch February 1, 2026 22:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@andaaron andaaron andaaron approved these changes

@rchincha rchincha Awaiting requested review from rchincha rchincha is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Feat]: Fine-grained expiry for JWT Bearer access entries

3 participants

@matheuscscp @andaaron