FIX: Use STS env variable to increase the IDP token expiration (#3132)

Share link duration is based on the token expiration,
this increases the IDP token expiration so the share link
is able to last longer, by using an env variable called
MINIO_STS_DURATION

Author: adriangitvitz

pkg/auth/idp/oauth2/config.go

@@ -20,9 +20,7 @@ package oauth2
 
 import (
 	"crypto/sha1"
-	"strconv"
 	"strings"
-	"time"
 
 	"github.com/minio/console/pkg/auth/token"
 	"github.com/minio/pkg/v2/env"
@@ -106,15 +104,3 @@ func getSaltForIDPHmac() string {
 func getIDPScopes() string {
 	return env.Get(ConsoleIDPScopes, "openid,profile,email")
 }
-
-// getIDPTokenExpiration return default token expiration for access token
-func getIDPTokenExpiration() time.Duration {
-	expiration := 12 * 3600
-	if expStr := env.Get(ConsoleIDPTokenExpiration, ""); expStr != "" {
-		if exp, err := strconv.Atoi(expStr); err == nil {
-			expiration = exp
-		}
-	}
-
-	return time.Duration(expiration) * time.Second
-}

pkg/auth/idp/oauth2/provider.go

@@ -28,11 +28,11 @@ import (
 	"strings"
 	"time"
 
-	"github.com/minio/minio-go/v7/pkg/credentials"
-	"github.com/minio/minio-go/v7/pkg/set"
-
 	"github.com/minio/console/pkg/auth/token"
 	"github.com/minio/console/pkg/auth/utils"
+	"github.com/minio/minio-go/v7/pkg/credentials"
+	"github.com/minio/minio-go/v7/pkg/set"
+	"github.com/minio/pkg/v2/env"
 	"golang.org/x/crypto/pbkdf2"
 	"golang.org/x/oauth2"
 	xoauth2 "golang.org/x/oauth2"
@@ -331,14 +331,18 @@ func (client *Provider) VerifyIdentity(ctx context.Context, code, state, roleARN
 		}
 		client.RefreshToken = oauth2Token.RefreshToken
 
-		expiration := token.GetConsoleSTSDuration()
-		if exp := getIDPTokenExpiration(); exp > 0 {
-			expiration = exp
-		}
+		envStsDuration := env.Get(token.ConsoleSTSDuration, "")
+		stsDuration, err := time.ParseDuration(envStsDuration)
+
+		expiration := 12 * time.Hour
 
-		// Use the expiration configured in the token itself if it is closer than the configured value
-		if exp := oauth2Token.Expiry.Sub(time.Now().UTC()); exp < expiration {
-			expiration = exp
+		if err == nil && stsDuration > 0 {
+			expiration = stsDuration
+		} else {
+			// Use the expiration configured in the token itself if it is closer than the configured value
+			if exp := oauth2Token.Expiry.Sub(time.Now().UTC()); exp < expiration {
+				expiration = exp
+			}
 		}
 
 		// Minimum duration in S3 spec is 15 minutes, do not bother returning