Tuure Laurinolli created OLTU-167:
-------------------------------------
Summary: JWT iat and exp parsing broken
Key: OLTU-167
URL: https://issues.apache.org/jira/browse/OLTU-167
Project: Apache Oltu
Issue Type: Bug
Components: oauth2-jwt
Affects Versions: oauth2-1.0.0
Reporter: Tuure Laurinolli
The code at
http://grepcode.com/file/repo1.maven.org/maven2/org.apache.oltu.oauth2/org.apache.oltu.oauth2.jwt/1.0.0/org/apache/oltu/oauth2/jwt/io/JWTClaimsSetParser.java#JWTClaimsSetParser
parses JWT "iat" and "exp" fields as Integers. However, the specification at
http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#expDef
specifies them to be NumericDate values and
http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#Terminology
specifies that NumericDate need not be integral.
Even when the values are integers, Integer's range is not sufficient for
representing dates beyond 2038.
It appears that the SVN trunk version also has this issue.
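The two failure modes reported above (non-integral NumericDate values and timestamps past 2038), shown as an added example that is not Apache Oltu code. The class and method names are hypothetical, the claim values are constructed, and the size bound of 30 digits is an assumption chosen for the sketch.

```java
import java.math.BigDecimal;
import java.math.RoundingMode;
import java.time.DateTimeException;
import java.time.Instant;

// Added example, not Apache Oltu code; all names here are hypothetical.
public class NumericDateDemo {
    // Integer-only handling as the report describes it: rejects fractional
    // values and anything above 2^31 - 1 (2038-01-19T03:14:07Z).
    static Integer parseAsInteger(String raw) {
        try { return Integer.valueOf(raw); }
        catch (NumberFormatException e) { return null; }
    }

    // NumericDate handling: seconds since the epoch, fraction allowed.
    static Instant parseNumericDate(String raw) {
        BigDecimal seconds;
        try {
            seconds = new BigDecimal(raw);
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("not a number: " + raw);
        }
        // Claim values are attacker-supplied: bound digits and exponent
        // before doing any scaling arithmetic on them.
        int scale = seconds.scale();
        if (seconds.precision() > 30 || scale > 30 || scale < -30) {
            throw new IllegalArgumentException("NumericDate too large or too precise");
        }
        BigDecimal whole = seconds.setScale(0, RoundingMode.FLOOR);
        long nanos = seconds.subtract(whole).movePointRight(9).longValue();
        try {
            return Instant.ofEpochSecond(whole.longValueExact(), nanos);
        } catch (ArithmeticException | DateTimeException e) {
            throw new IllegalArgumentException("NumericDate out of range: " + raw);
        }
    }

    // "exp" check: the token is no longer valid at or after the expiry time.
    static boolean isExpired(String expClaim, Instant now) {
        return !now.isBefore(parseNumericDate(expClaim));
    }

    public static void main(String[] args) {
        // Constructed sample claim values and a constructed "current time".
        String[] samples = {"1400000000", "2147483648", "1400000000.5", "4.1e9"};
        Instant now = Instant.ofEpochSecond(1_500_000_000L);
        for (String s : samples) {
            System.out.printf("%-14s Integer=%-11s NumericDate=%s expired=%b%n",
                    s, parseAsInteger(s), parseNumericDate(s), isExpired(s, now));
        }
    }
}
```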