fix(auth): fail gracefully when no cache headers are available

auth/token_verifier.go

@@ -432,10 +432,7 @@ func (k *httpKeySource) refreshKeys(ctx context.Context) error {
 		return err
 	}
 
-	maxAge, err := findMaxAge(resp)
-	if err != nil {
-		return err
-	}
+	maxAge := findMaxAge(resp)
 
 	k.CachedKeys = append([]*publicKey(nil), newKeys...)
 	k.ExpiryTime = k.Clock.Now().Add(*maxAge)
@@ -476,19 +473,20 @@ func parsePublicKey(kid string, key []byte) (*publicKey, error) {
 	return &publicKey{kid, pk}, nil
 }
 
-func findMaxAge(resp *http.Response) (*time.Duration, error) {
+func findMaxAge(resp *http.Response) *time.Duration {
+	duration := time.Duration(0) * time.Second
 	cc := resp.Header.Get("cache-control")
 	for _, value := range strings.Split(cc, ",") {
 		value = strings.TrimSpace(value)
 		if strings.HasPrefix(value, "max-age=") {
 			sep := strings.Index(value, "=")
 			seconds, err := strconv.ParseInt(value[sep+1:], 10, 64)
 			if err != nil {
-				return nil, err
+				seconds = 0
 			}
-			duration := time.Duration(seconds) * time.Second
-			return &duration, nil
+			duration = time.Duration(seconds) * time.Second
+			return &duration
 		}
 	}
-	return nil, errors.New("Could not find expiry time from HTTP headers")
+	return &duration
 }

auth/token_verifier_test.go

@@ -140,38 +140,25 @@ func TestFindMaxAge(t *testing.T) {
 		{"max-age=100", 100},
 		{"public, max-age=100", 100},
 		{"public,max-age=100", 100},
+		{"public, max-age=100, must-revalidate, no-transform", 100},
+		{"", 0},
+		{"max-age 100", 0},
+		{"max-age: 100", 0},
+		{"max-age2=100", 0},
+		{"max-age=foo", 0},
+		{"private,", 0},
 	}
 	for _, tc := range cases {
 		resp := &http.Response{
 			Header: http.Header{"Cache-Control": {tc.cc}},
 		}
-		age, err := findMaxAge(resp)
-		if err != nil {
-			t.Errorf("findMaxAge(%q) = %v", tc.cc, err)
-		} else if *age != (time.Duration(tc.want) * time.Second) {
+		age := findMaxAge(resp)
+		if *age != (time.Duration(tc.want) * time.Second) {
 			t.Errorf("findMaxAge(%q) = %v; want = %v", tc.cc, *age, tc.want)
 		}
 	}
 }
 
-func TestFindMaxAgeError(t *testing.T) {
-	cases := []string{
-		"",
-		"max-age 100",
-		"max-age: 100",
-		"max-age2=100",
-		"max-age=foo",
-	}
-	for _, tc := range cases {
-		resp := &http.Response{
-			Header: http.Header{"Cache-Control": []string{tc}},
-		}
-		if age, err := findMaxAge(resp); age != nil || err == nil {
-			t.Errorf("findMaxAge(%q) = (%v, %v); want = (nil, err)", tc, age, err)
-		}
-	}
-}
-
 func TestParsePublicKeys(t *testing.T) {
 	b, err := ioutil.ReadFile("../testdata/public_certs.json")
 	if err != nil {

go.mod

@@ -35,7 +35,7 @@ require (
 	go.opentelemetry.io/otel/metric v1.24.0 // indirect
 	go.opentelemetry.io/otel/trace v1.24.0 // indirect
 	golang.org/x/crypto v0.21.0 // indirect
-	golang.org/x/net v0.22.0 // indirect
+	golang.org/x/net v0.23.0 // indirect
 	golang.org/x/sync v0.6.0 // indirect
 	golang.org/x/sys v0.18.0 // indirect
 	golang.org/x/text v0.14.0 // indirect