oltu-dev mailing list archives

From "Antonio Sanso (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (OLTU-167) JWT iat and exp parsing broken
Date Wed, 07 Jan 2015 12:23:34 GMT

    [ https://issues.apache.org/jira/browse/OLTU-167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14267571#comment-14267571 ]

Antonio Sanso commented on OLTU-167:

[~tazle][~tuure.laurinolli@portalify.com] thanks for reporting. Patches are welcome :)

> JWT iat and exp parsing broken
> ------------------------------
>                 Key: OLTU-167
>                 URL: https://issues.apache.org/jira/browse/OLTU-167
>             Project: Apache Oltu
>          Issue Type: Bug
>          Components: oauth2-jwt
>    Affects Versions: oauth2-1.0.0
>            Reporter: Tuure Laurinolli
> The code at http://grepcode.com/file/repo1.maven.org/maven2/org.apache.oltu.oauth2/org.apache.oltu.oauth2.jwt/1.0.0/org/apache/oltu/oauth2/jwt/io/JWTClaimsSetParser.java#JWTClaimsSetParser parses JWT "iat" and "exp" fields as Integers. However, the specification at http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#expDef specifies them to be NumericDate values and http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#Terminology specifies that NumericDate need not be integral.
> Even when the values are integers, Integer's range is not sufficient for representing dates beyond 2038.
> It appears that the SVN trunk version also has this issue.

This message was sent by Atlassian JIRA
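
An added example illustrating the issue reported above; it is not code from Apache Oltu or from either poster. It compares a 32-bit integer parse of "iat"/"exp" with a parse that accepts non-integral NumericDate values and dates past 2038. The names `parseNumericDate`, `isExpired` and `parseAsInteger` are hypothetical, the sample values are constructed, `Integer.parseInt` stands in for any 32-bit integer parse, and the raw claim text is assumed to come from a JSON parser.

```java
import java.math.BigDecimal;
import java.math.RoundingMode;
import java.time.Instant;

public class NumericDateDemo {

    // Hypothetical helper: convert the raw JSON number text of an "iat" or
    // "exp" claim into an Instant, keeping any fractional seconds.
    static Instant parseNumericDate(String raw) {
        BigDecimal seconds = new BigDecimal(raw);            // NumberFormatException if not numeric
        BigDecimal whole = seconds.setScale(0, RoundingMode.FLOOR);
        long epochSecond = whole.longValueExact();           // ArithmeticException instead of silent wrap
        int nanos = seconds.subtract(whole).movePointRight(9).intValue(); // 0..999_999_999
        return Instant.ofEpochSecond(epochSecond, nanos);
    }

    // A token is expired once the current time is no longer before "exp".
    static boolean isExpired(String rawExp, Instant now) {
        return !now.isBefore(parseNumericDate(rawExp));
    }

    // Stand-in for a 32-bit parse of the claim (assumption, not Oltu's actual code).
    static String parseAsInteger(String raw) {
        try {
            return Instant.ofEpochSecond(Integer.parseInt(raw)).toString();
        } catch (NumberFormatException e) {
            return "rejected (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        // Constructed sample claim values.
        String[] samples = {
            "1420633414",     // integral, fits in 32 bits
            "1420633414.5",   // non-integral NumericDate
            "2147483648",     // Integer.MAX_VALUE + 1, first second past the 2038 limit
            "4102444800"      // 2100-01-01T00:00:00Z
        };
        Instant now = Instant.parse("2015-01-07T12:23:34Z"); // fixed clock for repeatable output
        for (String raw : samples) {
            System.out.printf("%-14s int: %-45s safe: %s expired=%b%n",
                raw, parseAsInteger(raw), parseNumericDate(raw), isExpired(raw, now));
        }
    }
}
```

For a relying party, the practical consequence is that a valid token carrying a fractional or post-2038 "exp" is rejected or mishandled by the integer parse, so expiry checks should be built on the wider representation.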
