Colm O hEigeartaigh created SYNCOPE-1179:
--------------------------------------------
Summary: JWT "Date" claims are interpreted using milliseconds
instead of seconds
Key: SYNCOPE-1179
URL: https://issues.apache.org/jira/browse/SYNCOPE-1179
Project: Syncope
Issue Type: Bug
Affects Versions: 2.0.4
Reporter: Colm O hEigeartaigh
Assignee: Colm O hEigeartaigh
Fix For: 2.0.5, 2.1.0

We currently treat (create + validate) JWT tokens with the claims "exp", "iat"
and "nbf" as millisecond values. However, the spec says that they should be
seconds instead:

https://tools.ietf.org/html/rfc7519

NumericDate
   A JSON numeric value representing the number of seconds from
   1970-01-01T00:00:00Z UTC until the specified UTC date/time,
   ignoring leap seconds.

exp: ... Its value MUST be a number containing a NumericDate value.

nbf: ... Its value MUST be a number containing a NumericDate value.

iat: ... Its value MUST be a number containing a NumericDate value.
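
An added example, not part of the original report and not Syncope's code: a minimal HS256 validator in Python that reads "exp", "nbf" and "iat" as RFC 7519 seconds and rejects millisecond-scale values. The key, the claim values, the `reject_ms` flag and the 10^10 threshold are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# Seconds-since-epoch values at or above this (year 2286) are almost certainly milliseconds.
MAX_PLAUSIBLE_SECONDS = 10_000_000_000

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_jwt(claims: dict, key: bytes) -> str:
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = f"{header}.{b64url(json.dumps(claims).encode())}"
    return f"{signing_input}.{b64url(sign(signing_input, key))}"

def validate(token: str, key: bytes, now: int, reject_ms: bool = True) -> dict:
    """Check the signature, then exp/nbf/iat as NumericDate; `now` is in seconds."""
    header, payload, sig = token.split(".")
    if json.loads(b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(sign(f"{header}.{payload}", key), b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload))
    for name in ("exp", "nbf", "iat"):
        value = claims.get(name)
        if value is None:
            continue
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            raise ValueError(f"{name} is not a number")
        if reject_ms and value >= MAX_PLAUSIBLE_SECONDS:
            raise ValueError(f"{name} looks like milliseconds, not seconds")
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("token expired")
    if "nbf" in claims and now < claims["nbf"]:
        raise ValueError("token not yet valid")
    return claims

# Constructed sample data (not taken from the issue).
KEY = b"constructed-demo-key"
NOW = 1_500_000_000  # a fixed "current time" in seconds
HOUR = 3600
GOOD = make_jwt({"sub": "demo", "iat": NOW, "nbf": NOW, "exp": NOW + HOUR}, KEY)
MS_EXP = make_jwt({"sub": "demo", "exp": (NOW + HOUR) * 1000}, KEY)  # the bug: ms
```

With `reject_ms=False`, `MS_EXP` (intended lifetime one hour) still validates ten years after `NOW`, because a seconds-based reader sees its "exp" as tens of thousands of years away.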