syncope-dev mailing list archives

From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Created] (SYNCOPE-1179) JWT "Date" claims are interpreted using milliseconds instead of seconds
Date Fri, 28 Jul 2017 11:59:00 GMT
Colm O hEigeartaigh created SYNCOPE-1179:
--------------------------------------------

             Summary: JWT "Date" claims are interpreted using milliseconds instead of seconds
                 Key: SYNCOPE-1179
                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1179
             Project: Syncope
          Issue Type: Bug
    Affects Versions: 2.0.4
            Reporter: Colm O hEigeartaigh
            Assignee: Colm O hEigeartaigh
             Fix For: 2.0.5, 2.1.0


We currently treat (create + validate) JWT tokens with the claims "exp", "iat" and "nbf" as
millisecond values. However, the spec says that they should be seconds instead:

https://tools.ietf.org/html/rfc7519

NumericDate
      A JSON numeric value representing the number of seconds from
      1970-01-01T00:00:00Z UTC until the specified UTC date/time,
      ignoring leap seconds.

exp: ...  Its value MUST be a number
   containing a NumericDate value.

nbf: ... Its value MUST be a number containing a
   NumericDate value.

iat: ...  Its
   value MUST be a number containing a NumericDate value.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
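
The unit mismatch reported above, as an added example that is not part of the original message and is not Syncope code: a peer that reads "exp" in seconds, as RFC 7519 requires, never sees a millisecond-valued token expire, and a validator can reject such values outright. All function names, the 10**11 threshold and the sample claims are assumptions made for this illustration.

```python
import base64
import json

# Assumption of this example: a NumericDate above 10**11 is taken to be
# milliseconds (10**11 seconds is past the year 5000; 10**11 ms is in 1973).
MS_THRESHOLD = 10**11


def decode_claims(token):
    """Return a compact JWT's claims WITHOUT verifying it (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def naive_is_expired(claims, now):
    """What a spec-following peer does: compare exp with the clock in seconds."""
    return now >= claims["exp"]


def check_numeric_dates(claims, now, leeway=0):
    """Check exp/nbf/iat as RFC 7519 NumericDate; return a list of problems."""
    problems = []
    for name in ("exp", "nbf", "iat"):
        value = claims.get(name)
        if value is None:
            continue
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            problems.append(f"{name}: not a number")
        elif value > MS_THRESHOLD:
            problems.append(f"{name}: looks like milliseconds, expected seconds")
    if problems:
        return problems  # reject before any time comparison is made
    if "exp" in claims and now >= claims["exp"] + leeway:
        problems.append("exp: token expired")
    if "nbf" in claims and now < claims["nbf"] - leeway:
        problems.append("nbf: token not yet valid")
    return problems


# Constructed sample claims: issued 2017-07-28T11:59:00Z, two-hour lifetime.
ISSUED = 1501243140
SECONDS_CLAIMS = {"iat": ISSUED, "nbf": ISSUED, "exp": ISSUED + 7200}
MS_CLAIMS = {name: value * 1000 for name, value in SECONDS_CLAIMS.items()}
TEN_YEARS_LATER = ISSUED + 10 * 365 * 86400

if __name__ == "__main__":
    print(naive_is_expired(SECONDS_CLAIMS, TEN_YEARS_LATER))  # True
    print(naive_is_expired(MS_CLAIMS, TEN_YEARS_LATER))  # False: still accepted
```

decode_claims only inspects a token's payload; signature verification has to happen before any of these claims are trusted.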
