[
https://issues.apache.org/jira/browse/SYNCOPE-1179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16104991#comment-16104991
]
ASF subversion and git services commented on SYNCOPE-1179:
----------------------------------------------------------
Commit c522ac05821dd23e3326c01525ebdd233ad66dd2 in syncope's branch
refs/heads/2_0_X from [~coheigea]
[ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=c522ac0 ]
SYNCOPE-1179 - JWT "Date" claims are interpreted using milliseconds instead of
seconds
> JWT "Date" claims are interpreted using milliseconds instead of seconds
> -----------------------------------------------------------------------
>
> Key: SYNCOPE-1179
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1179
> Project: Syncope
> Issue Type: Bug
> Affects Versions: 2.0.4
> Reporter: Colm O hEigeartaigh
> Assignee: Colm O hEigeartaigh
> Fix For: 2.0.5, 2.1.0
>
>
> We currently treat (create + validate) JWT tokens with the claims "exp",
> "iat" and "nbf" as millisecond values. However the spec says that they should
> be seconds instead:
> https://tools.ietf.org/html/rfc7519
> NumericDate
> A JSON numeric value representing the number of seconds from
> 1970-01-01T00:00:00Z UTC until the specified UTC date/time,
> ignoring leap seconds.
> exp: ... Its value MUST be a number
> containing a NumericDate value.
> nbf: ... Its value MUST be a number containing a
> NumericDate value.
> iat: ... Its
> value MUST be a number containing a NumericDate value.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
