[OLTU-167] JWT iat and exp parsing broken - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: oauth2-1.0.0
Fix Version/s: None
Component/s: oauth2-jwt
Labels:
- review

Description

The code at http://grepcode.com/file/repo1.maven.org/maven2/org.apache.oltu.oauth2/org.apache.oltu.oauth2.jwt/1.0.0/org/apache/oltu/oauth2/jwt/io/JWTClaimsSetParser.java#JWTClaimsSetParser parses JWT "iat" and "exp" fields as Integers. However, the specfication at http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#expDef specifies them to be NumericDate values and http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#Terminology specifies that NumericDate need not be integral.

Even when the values are integers, Integer's range is not sufficient for representing dates beyond 2038.

It appears that the SVN trunk version also has this issue.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Tuure Laurinolli

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 07/Jan/15 12:18

Updated:: 25/Oct/17 13:08