When caching a valid token we were updating the database with
exp=now+10m but updating the cache with exp="". When checking the
cache, exp="" indicates we don't need to re-check the access token and
extend the database entry's expiry field -- so we never did, we just
passed through the HMAC, which RailsAPI rejected based on the expiry
time in the database row.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
if err != nil {
return err
}
+ aca.ExpiresAt = exp.Format(time.RFC3339Nano)
ta.cache.Add(tok, aca)
return nil
}