From c9e87f054880b31a4eca4bd8d9d676e2e2b517dd Mon Sep 17 00:00:00 2001
From: Harshavardhana
Date: Sun, 11 Jun 2023 10:34:59 -0700
Subject: [PATCH] service accounts are allowed to have no expiration (#17397)
---
 cmd/iam-store.go | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/cmd/iam-store.go b/cmd/iam-store.go
index a8f059c95..6de7b2a14 100644
--- a/cmd/iam-store.go
+++ b/cmd/iam-store.go
@@ -2343,11 +2343,17 @@ func extractJWTClaims(u UserIdentity) (*jwt.MapClaims, error) {
 }
 
 func validateSvcExpirationInUTC(expirationInUTC time.Time) error {
+ if expirationInUTC.IsZero() || expirationInUTC.Equal(timeSentinel) {
+ // Service accounts might not have expiration in older releases.
+ return nil
+ }
+
 currentTime := time.Now().UTC()
 minExpiration := currentTime.Add(minServiceAccountExpiry)
 maxExpiration := currentTime.Add(maxServiceAccountExpiry)
 if expirationInUTC.Before(minExpiration) || expirationInUTC.After(maxExpiration) {
 return errInvalidSvcAcctExpiration
 }
+
 return nil
 }
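Review bot: The early return added at the top of validateSvcExpirationInUTC lets a zero or `timeSentinel` expiration skip both the minServiceAccountExpiry and maxServiceAccountExpiry bounds, but the inline comment describes it only as compatibility with older releases. If this validator is also reached when a service account is created or updated (the callers are outside this hunk), leaving the expiration unset produces a credential that never expires, and that contract should be written down rather than implied. I would add a doc comment above the function, `// validateSvcExpirationInUTC accepts a zero or timeSentinel value as "no expiration"; any other value must lie between minServiceAccountExpiry and maxServiceAccountExpiry from now.`, and reword the inline comment to `// No expiration set: the min/max bounds do not apply.`. A table-driven test covering zero, timeSentinel, below-minimum and above-maximum inputs would pin this behaviour.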