reta commented on a change in pull request #552: JWT Token lifetime incorrectly
calculated causing token to expire.
URL: https://github.com/apache/cxf/pull/552#discussion_r282697933
##########
File path:
rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java
##########
@@ -76,8 +77,7 @@ private AccessTokenValidation
convertClaimsToValidation(JwtClaims claims) {
if (claims.getIssuedAt() != null) {
atv.setTokenIssuedAt(claims.getIssuedAt());
} else {
- Instant now = Instant.now();
- atv.setTokenIssuedAt(now.toEpochMilli());
+ atv.setTokenIssuedAt(OAuthUtils.getIssuedAt());
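Review bot: The unit of the fallback value is no longer visible in the else branch. `atv.setTokenIssuedAt(OAuthUtils.getIssuedAt())` replaces a value that was explicitly `now.toEpochMilli()`, while the branch above passes `claims.getIssuedAt()` through unchanged. Both branches feed the same setter, so they have to agree on the unit. Please state on `OAuthUtils.getIssuedAt()` (or in a comment here) which unit it returns, and add a test that validates a token with no `iat` claim and checks the stored issued-at value against the current time in that unit. A short comment on why a token without `iat` is given a fallback issued-at at all would also help, since any lifetime check that reads this field then depends on the fallback rather than on a claim from the issuer.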
Review comment:
Indeed, you are right, it should be in seconds, as per
https://tools.ietf.org/html/rfc7519
> value representing the number of seconds from 1970-01-01T00:00:00Z UTC until the specified UTC date/time