diff --git a/swh/auth/django/utils.py b/swh/auth/django/utils.py --- a/swh/auth/django/utils.py +++ b/swh/auth/django/utils.py @@ -80,7 +80,8 @@ user = oidc_user_from_decoded_token(decoded_token, client_id=oidc_client.client_id) # get authentication init datetime - auth_datetime = datetime.fromtimestamp(decoded_token["auth_time"]) + auth_time = decoded_token.get("auth_time", decoded_token["iat"]) + auth_datetime = datetime.fromtimestamp(auth_time) exp_datetime = datetime.fromtimestamp(decoded_token["exp"]) # compute OIDC tokens expiration date diff --git a/swh/auth/tests/test_utils.py b/swh/auth/tests/test_utils.py --- a/swh/auth/tests/test_utils.py +++ b/swh/auth/tests/test_utils.py @@ -28,6 +28,7 @@ decoded_token = copy(DECODED_TOKEN) decoded_token["groups"] = ["/staff", "api"] decoded_token["resource_access"] = {CLIENT_ID: {"roles": ["read-api"]}} + decoded_token.pop("auth_time") user = oidc_user_from_decoded_token(decoded_token, client_id=CLIENT_ID)