oltu-dev mailing list archives

From "Tuure Laurinolli (JIRA)" <j...@apache.org>
Subject [jira] [Created] (OLTU-167) JWT iat and exp parsing broken
Date Wed, 07 Jan 2015 12:18:35 GMT
Tuure Laurinolli created OLTU-167:

             Summary: JWT iat and exp parsing broken
                 Key: OLTU-167
                 URL: https://issues.apache.org/jira/browse/OLTU-167
             Project: Apache Oltu
          Issue Type: Bug
          Components: oauth2-jwt
    Affects Versions: oauth2-1.0.0
            Reporter: Tuure Laurinolli

The code at http://grepcode.com/file/repo1.maven.org/maven2/org.apache.oltu.oauth2/org.apache.oltu.oauth2.jwt/1.0.0/org/apache/oltu/oauth2/jwt/io/JWTClaimsSetParser.java#JWTClaimsSetParser
parses JWT "iat" and "exp" fields as Integers. However, the specification at http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#expDef
specifies them to be NumericDate values and http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#Terminology
specifies that NumericDate need not be integral.

Even when the values are integers, Integer's range is not sufficient for representing dates
beyond 2038.

It appears that the SVN trunk version also has this issue.

This message was sent by Atlassian JIRA
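
The two failure cases in the report above, as an added example (not code from Apache Oltu or from the reporter): `parseAsInteger` is a hypothetical stand-in for a 32-bit Integer parse, `parseNumericDate` is one way to accept fractional and post-2038 values using only the JDK, and the sample claim values are constructed.

```java
import java.math.BigDecimal;
import java.math.RoundingMode;
import java.time.Instant;

public class NumericDateDemo {

    // Hypothetical stand-in for the narrow behaviour the report describes:
    // the claim is accepted only if it is an integer that fits in 32 bits.
    static Instant parseAsInteger(String jsonNumber) {
        return Instant.ofEpochSecond(Integer.parseInt(jsonNumber));
    }

    // NumericDate is a JSON number of seconds since the epoch and may be
    // fractional, so parse via BigDecimal and keep the fraction as nanoseconds.
    // Out-of-range input raises ArithmeticException or DateTimeException
    // instead of silently wrapping.
    static Instant parseNumericDate(String jsonNumber) {
        BigDecimal seconds = new BigDecimal(jsonNumber);
        long whole = seconds.setScale(0, RoundingMode.FLOOR).longValueExact();
        long nanos = seconds.subtract(BigDecimal.valueOf(whole))
                            .movePointRight(9)
                            .setScale(0, RoundingMode.DOWN)
                            .longValueExact();
        return Instant.ofEpochSecond(whole, nanos);
    }

    public static void main(String[] args) {
        // Constructed sample values: a plain integer, a fractional value,
        // the first second past the 32-bit limit (2038), and exponent notation.
        String[] samples = { "1420633115", "1420633115.5", "2147483648", "1.42e9" };
        for (String s : samples) {
            String narrow;
            try {
                narrow = parseAsInteger(s).toString();
            } catch (NumberFormatException e) {
                narrow = "rejected (NumberFormatException)";
            }
            System.out.println(s + " -> Integer: " + narrow
                    + " | NumericDate: " + parseNumericDate(s));
        }
    }
}
```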
