oltu-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Simone Tripodi (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (OLTU-172) Handle invalid JWT exp field more gracefully
Date Wed, 25 Oct 2017 14:38:00 GMT

     [ https://issues.apache.org/jira/browse/OLTU-172?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Simone Tripodi resolved OLTU-172.
       Resolution: Fixed
    Fix Version/s: oauth2-1.0.3

Looks like this was resolved via OLTU-196, thanks anyway for your help, very appreciated!

> Handle invalid JWT exp field more gracefully
> --------------------------------------------
>                 Key: OLTU-172
>                 URL: https://issues.apache.org/jira/browse/OLTU-172
>             Project: Apache Oltu
>          Issue Type: Bug
>          Components: oauth2-jwt
>            Reporter: Thomas Meyer
>            Assignee: Antonio Sanso
>            Priority: Minor
>              Labels: review
>             Fix For: oauth2-1.0.3
>         Attachments: JWTClaimsSetParser-Number-Cast-v1.patch
> Hi,
> Sadly WSO2 create invalid JW tokens with an "exp" field with millisecond resolution.
According to the spec the field "exp" should only contain second resolution.
> When JWTReader tries to parse the exp field a ClassCastException will occur, becaue a
Long object is returned and not an Integer.
> Attached patch casts to the super class method to cover Long and Integer values correctly.
> What do you think about this patch? Okay to go in?

This message was sent by Atlassian JIRA

View raw message