syncope-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (SYNCOPE-1179) JWT "Date" claims are interpreted using milliseconds instead of seconds
Date Fri, 28 Jul 2017 13:51:00 GMT

     [ https://issues.apache.org/jira/browse/SYNCOPE-1179?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Colm O hEigeartaigh resolved SYNCOPE-1179.
------------------------------------------
    Resolution: Fixed

> JWT "Date" claims are interpreted using milliseconds instead of seconds
> -----------------------------------------------------------------------
>
>                 Key: SYNCOPE-1179
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1179
>             Project: Syncope
>          Issue Type: Bug
>    Affects Versions: 2.0.4
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>             Fix For: 2.0.5, 2.1.0
>
>
> We currently treat (create + validate) JWT tokens with the claims "exp", "iat" and "nbf"
as millisecond values. However the spec says that they should be seconds instead:
> https://tools.ietf.org/html/rfc7519
> NumericDate
>       A JSON numeric value representing the number of seconds from
>       1970-01-01T00:00:00Z UTC until the specified UTC date/time,
>       ignoring leap seconds.
> exp: ...  Its value MUST be a number
>    containing a NumericDate value.
> nbf: ... Its value MUST be a number containing a
>    NumericDate value.
> iat: ...  Its
>    value MUST be a number containing a NumericDate value.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message