Use public metadata expiry time as BlindSignAuth token expiry
PiperOrigin-RevId: 534164782
diff --git a/quiche/blind_sign_auth/blind_sign_auth.cc b/quiche/blind_sign_auth/blind_sign_auth.cc
index b1d8ae5..dd2935e 100644
--- a/quiche/blind_sign_auth/blind_sign_auth.cc
+++ b/quiche/blind_sign_auth/blind_sign_auth.cc
@@ -82,6 +82,16 @@
callback(absl::InternalError("Failed to parse GetInitialDataResponse"));
return;
}
+ absl::StatusOr<absl::Time> public_metadata_expiry_time =
+ private_membership::anonymous_tokens::TimeFromProto(
+ initial_data_response.public_metadata_info()
+ .public_metadata()
+ .expiration());
+ if (!public_metadata_expiry_time.ok()) {
+ callback(
+ absl::InternalError("Failed to parse public metadata expiration time"));
+ return;
+ }
// Create RSA BSSA client.
auto bssa_client =
@@ -93,14 +103,6 @@
callback(bssa_client.status());
return;
}
- absl::StatusOr<absl::Time> public_key_expiry_time =
- private_membership::anonymous_tokens::TimeFromProto(
- initial_data_response.at_public_metadata_public_key()
- .expiration_time());
- if (!public_key_expiry_time.ok()) {
- callback(absl::InternalError("Failed to parse public key expiration time"));
- return;
- }
// Create plaintext tokens.
// Client blinds plaintext tokens (random 32-byte strings) in CreateRequest.
@@ -163,7 +165,7 @@
"/v1/authWithHeaderCreds", oauth_token.data(),
sign_request.SerializeAsString(),
[this, at_sign_request, public_metadata_info,
- expiry_time_ = public_key_expiry_time.value(),
+ expiry_time_ = public_metadata_expiry_time.value(),
bssa_client_ = bssa_client.value().get(),
callback](absl::StatusOr<BlindSignHttpResponse> response) {
AuthAndSignCallback(response, public_metadata_info, expiry_time_,