[
https://issues.apache.org/jira/browse/SYNCOPE-1179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16104990#comment-16104990
]
ASF subversion and git services commented on SYNCOPE-1179:
----------------------------------------------------------
Commit 2b4053df14d74e47c55ced76b713fc1baba0abda in syncope's branch
refs/heads/master from [~coheigea]
[ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=2b4053d ]
SYNCOPE-1179 - JWT "Date" claims are interpreted using milliseconds instead of
seconds
> JWT "Date" claims are interpreted using milliseconds instead of seconds
> -----------------------------------------------------------------------
>
> Key: SYNCOPE-1179
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1179
> Project: Syncope
> Issue Type: Bug
> Affects Versions: 2.0.4
> Reporter: Colm O hEigeartaigh
> Assignee: Colm O hEigeartaigh
> Fix For: 2.0.5, 2.1.0
>
>
> We currently treat (create + validate) JWT tokens with the claims "exp",
> "iat" and "nbf" as millisecond values. However the spec says that they should
> be seconds instead:
> https://tools.ietf.org/html/rfc7519
> NumericDate
> A JSON numeric value representing the number of seconds from
> 1970-01-01T00:00:00Z UTC until the specified UTC date/time,
> ignoring leap seconds.
> exp: ... Its value MUST be a number
> containing a NumericDate value.
> nbf: ... Its value MUST be a number containing a
> NumericDate value.
> iat: ... Its
> value MUST be a number containing a NumericDate value.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
