add ability to issue tokens with no expiry

2026-04-29 12:44:48 +00:00 · 2026-04-29 12:44:48 +00:00 · de907d83cb
commit de907d83cb
parent 1d17fe5577
5 changed files with 76 additions and 9 deletions
--- a/issuer_test.go
+++ b/issuer_test.go
@ -135,6 +135,47 @@ func TestIssueRejectsInvalidTTL(t *testing.T) {
 	}
 }

+func TestIssueNoExpiry(t *testing.T) {
+	now := time.Unix(1_700_000_000, 0)
+	key, _ := GenerateKey()
+	ring, _ := NewKeyRing("k1", key)
+	store := NewMemoryRevocationStore()
+
+	clock := now
+	iss, _ := NewIssuer(ring, store, WithClock(func() time.Time { return clock }))
+	ctx := context.Background()
+
+	tokenStr, err := iss.Issue(ctx, []string{"read"}, nil, NoExpiry)
+	if err != nil {
+		t.Fatalf("Issue: %v", err)
+	}
+
+	tok, err := iss.Validate(ctx, tokenStr)
+	if err != nil {
+		t.Fatalf("Validate: %v", err)
+	}
+	if !tok.NeverExpires() {
+		t.Error("expected NeverExpires() == true")
+	}
+	if !tok.ExpiresAt().IsZero() {
+		t.Errorf("expected zero ExpiresAt, got %v", tok.ExpiresAt())
+	}
+
+	// Far future — still valid.
+	clock = now.Add(100 * 365 * 24 * time.Hour)
+	if _, err := iss.Validate(ctx, tokenStr); err != nil {
+		t.Errorf("Validate far-future: %v", err)
+	}
+
+	// Revocation still works.
+	if err := iss.Revoke(ctx, tokenStr); err != nil {
+		t.Fatalf("Revoke: %v", err)
+	}
+	if _, err := iss.Validate(ctx, tokenStr); !errors.Is(err, ErrRevokedToken) {
+		t.Errorf("expected ErrRevoked after revoke, got %v", err)
+	}
+}
+
 func TestValidateExpired(t *testing.T) {
 	now := time.Unix(1_700_000_000, 0)
 	key, _ := GenerateKey()