Colm O hEigeartaigh created SYNCOPE-1179: --------------------------------------------
Summary: JWT "Date" claims are interpreted using milliseconds instead of seconds Key: SYNCOPE-1179 URL: https://issues.apache.org/jira/browse/SYNCOPE-1179 Project: Syncope Issue Type: Bug Affects Versions: 2.0.4 Reporter: Colm O hEigeartaigh Assignee: Colm O hEigeartaigh Fix For: 2.0.5, 2.1.0 We currently treat (create + validate) JWT tokens with the claims "exp", "iat" and "nbf" as millisecond values. However the spec says that they should be seconds instead: https://tools.ietf.org/html/rfc7519 NumericDate A JSON numeric value representing the number of seconds from 1970-01-01T00:00:00Z UTC until the specified UTC date/time, ignoring leap seconds. exp: ... Its value MUST be a number containing a NumericDate value. nbf: ... Its value MUST be a number containing a NumericDate value. iat: ... Its value MUST be a number containing a NumericDate value. -- This message was sent by Atlassian JIRA (v6.4.14#64029)