[
https://issues.apache.org/jira/browse/OLTU-167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14267571#comment-14267571
]
Antonio Sanso commented on OLTU-167:
------------------------------------
[~tazle][[email protected]] thanks for reporting. Patches are
welcome :)
> JWT iat and exp parsing broken
> ------------------------------
>
> Key: OLTU-167
> URL: https://issues.apache.org/jira/browse/OLTU-167
> Project: Apache Oltu
> Issue Type: Bug
> Components: oauth2-jwt
> Affects Versions: oauth2-1.0.0
> Reporter: Tuure Laurinolli
>
> The code at
> http://grepcode.com/file/repo1.maven.org/maven2/org.apache.oltu.oauth2/org.apache.oltu.oauth2.jwt/1.0.0/org/apache/oltu/oauth2/jwt/io/JWTClaimsSetParser.java#JWTClaimsSetParser
> parses JWT "iat" and "exp" fields as Integers. However, the specification at
> http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#expDef
> specifies them to be NumericDate values and
> http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#Terminology
> specifies that NumericDate need not be integral.
> Even when the values are integers, Integer's range is not sufficient for
> representing dates beyond 2038.
> It appears that the SVN trunk version also has this issue.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
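
The two failure cases described in the report, as an added example that is not part of the issue or of Apache Oltu's code: a fractional NumericDate and a value past the 32-bit limit both fail an Integer-based parse, while a decimal-based parse accepts them and rejects out-of-range input. The class and method names are hypothetical, the sample values are constructed, and the claim text is assumed to arrive from a JSON parser that has already checked it is a JSON number.

```java
import java.math.BigDecimal;
import java.math.RoundingMode;
import java.time.Instant;

// Added example, not Apache Oltu code; class and method names are hypothetical.
public class NumericDateDemo {

    // Converts the text of a JSON number (as handed over by a JSON parser) to an
    // Instant, accepting fractional seconds and values past 2^31 - 1.
    static Instant parseNumericDate(String raw) {
        BigDecimal seconds;
        try {
            seconds = new BigDecimal(raw);
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("not a number: " + raw, e);
        }
        // Bound digits and exponent so inputs like 1e999999999 are rejected cheaply.
        if (seconds.precision() > 30 || seconds.scale() > 30 || seconds.scale() < -30) {
            throw new IllegalArgumentException("out of range: " + raw);
        }
        try {
            // Floor keeps the nanosecond part non-negative for pre-1970 values.
            long whole = seconds.setScale(0, RoundingMode.FLOOR).longValueExact();
            long nanos = seconds.subtract(BigDecimal.valueOf(whole))
                                .movePointRight(9).longValue();
            return Instant.ofEpochSecond(whole, nanos);
        } catch (ArithmeticException | java.time.DateTimeException e) {
            throw new IllegalArgumentException("out of range: " + raw, e);
        }
    }

    // Stand-in for an Integer-based parse of the kind the report describes.
    static String parseAsInteger(String raw) {
        try {
            return Instant.ofEpochSecond(Integer.parseInt(raw)).toString();
        } catch (NumberFormatException e) {
            return "rejected (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        // Constructed samples: in range, one past Integer.MAX_VALUE, fractional.
        String[] samples = {"1420070400", "2147483648", "1420070400.5"};
        for (String raw : samples) {
            System.out.printf("%-14s Integer: %-45s NumericDate: %s%n",
                    raw, parseAsInteger(raw), parseNumericDate(raw));
        }
    }
}
```

A caller validating "exp" should treat the IllegalArgumentException as a rejected token rather than as a missing expiry.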