[jira] [Updated] (OLTU-167) JWT iat and exp parsing broken

Antonio Sanso (JIRA) Wed, 25 Oct 2017 06:09:32 -0700

     [ 
https://issues.apache.org/jira/browse/OLTU-167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Antonio Sanso updated OLTU-167:
-------------------------------
    Labels: review  (was: )

> JWT iat and exp parsing broken
> ------------------------------
>
>                 Key: OLTU-167
>                 URL: https://issues.apache.org/jira/browse/OLTU-167
>             Project: Apache Oltu
>          Issue Type: Bug
>          Components: oauth2-jwt
>    Affects Versions: oauth2-1.0.0
>            Reporter: Tuure Laurinolli
>              Labels: review
>
> The code at 
> http://grepcode.com/file/repo1.maven.org/maven2/org.apache.oltu.oauth2/org.apache.oltu.oauth2.jwt/1.0.0/org/apache/oltu/oauth2/jwt/io/JWTClaimsSetParser.java#JWTClaimsSetParser
>  parses JWT "iat" and "exp" fields as Integers. However, the specfication at 
> http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#expDef 
> specifies them to be NumericDate values and 
> http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#Terminology 
> specifies that NumericDate need not be integral.
> Even when the values are integers, Integer's range is not sufficient for 
> representing dates beyond 2038.
> It appears that the SVN trunk version also has this issue.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (OLTU-167) JWT iat and exp parsing broken

Reply via email to