From 06f59ad6310b4b514420bfec60e8e91f327e5140 Mon Sep 17 00:00:00 2001
From: Adrian Najera <39295224+adriangitvitz@users.noreply.github.com>
Date: Mon, 30 Oct 2023 11:21:34 -0600
Subject: [PATCH] fix: expiration time for share link when using OpenID
 (#18297)

---
 cmd/common-main.go                        | 7 +++++--
 internal/config/constants.go              | 3 ++-
 internal/config/identity/openid/openid.go | 7 ++++++-
 3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/cmd/common-main.go b/cmd/common-main.go
index ce31c3702..b5583ce96 100644
--- a/cmd/common-main.go
+++ b/cmd/common-main.go
@@ -167,9 +167,12 @@ func minioConfigToConsoleFeatures() {
 	if value := env.Get(config.EnvBrowserLoginAnimation, "on"); value != "" {
 		os.Setenv("CONSOLE_ANIMATED_LOGIN", value)
 	}
+
 	// Pass on the session duration environment variable, else we will default to 12 hours
-	if value := env.Get(config.EnvBrowserSessionDuration, ""); value != "" {
-		os.Setenv("CONSOLE_STS_DURATION", value)
+	if valueSts := env.Get(config.EnvMinioStsDuration, ""); valueSts != "" {
+		os.Setenv("CONSOLE_STS_DURATION", valueSts)
+	} else if valueSession := env.Get(config.EnvBrowserSessionDuration, ""); valueSession != "" {
+		os.Setenv("CONSOLE_STS_DURATION", valueSession)
 	}
 
 	os.Setenv("CONSOLE_MINIO_REGION", globalSite.Region)
diff --git a/internal/config/constants.go b/internal/config/constants.go
index f83401b15..207641533 100644
--- a/internal/config/constants.go
+++ b/internal/config/constants.go
@@ -67,7 +67,8 @@ const (
 	EnvRootDriveThresholdSize     = "MINIO_ROOTDRIVE_THRESHOLD_SIZE"
 	EnvRootDiskThresholdSize      = "MINIO_ROOTDISK_THRESHOLD_SIZE" // Deprecated Sep 2023
 	EnvBrowserLoginAnimation      = "MINIO_BROWSER_LOGIN_ANIMATION"
-	EnvBrowserSessionDuration     = "MINIO_BROWSER_SESSION_DURATION"
+	EnvBrowserSessionDuration     = "MINIO_BROWSER_SESSION_DURATION" // Deprecated after November 2023
+	EnvMinioStsDuration           = "MINIO_STS_DURATION"
 	EnvMinIOLogQueryURL           = "MINIO_LOG_QUERY_URL"
 	EnvMinIOLogQueryAuthToken     = "MINIO_LOG_QUERY_AUTH_TOKEN"
 	EnvMinIOPrometheusURL         = "MINIO_PROMETHEUS_URL"
diff --git a/internal/config/identity/openid/openid.go b/internal/config/identity/openid/openid.go
index 787eaef33..0f0baad04 100644
--- a/internal/config/identity/openid/openid.go
+++ b/internal/config/identity/openid/openid.go
@@ -36,6 +36,7 @@ import (
 	"github.com/minio/minio/internal/config"
 	"github.com/minio/minio/internal/config/identity/openid/provider"
 	"github.com/minio/minio/internal/hash/sha256"
+	"github.com/minio/pkg/v2/env"
 	xnet "github.com/minio/pkg/v2/net"
 	"github.com/minio/pkg/v2/policy"
 )
@@ -599,7 +600,11 @@ func (r Config) GetRoleInfo() map[arn.ARN]string {
 
 // GetDefaultExpiration - returns the expiration seconds expected.
 func GetDefaultExpiration(dsecs string) (time.Duration, error) {
-	defaultExpiryDuration := time.Duration(60) * time.Minute // Defaults to 1hr.
+	timeout := env.Get(config.EnvMinioStsDuration, "")
+	defaultExpiryDuration, err := time.ParseDuration(timeout)
+	if err != nil {
+		defaultExpiryDuration = time.Duration(60) * time.Minute
+	}
 	if dsecs != "" {
 		expirySecs, err := strconv.ParseInt(dsecs, 10, 64)
 		if err != nil {