Syncope / SYNCOPE-1179

JWT "Date" claims are interpreted using milliseconds instead of seconds


Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.4
    • Fix Version/s: 2.0.5, 2.1.0
    • Component/s: None
    • Labels: None

    Description

      We currently treat (create + validate) JWT tokens with the claims "exp", "iat" and "nbf" as millisecond values. However the spec says that they should be seconds instead:

      https://tools.ietf.org/html/rfc7519

      NumericDate
      A JSON numeric value representing the number of seconds from
      1970-01-01T00:00:00Z UTC until the specified UTC date/time,
      ignoring leap seconds.

      exp: ... Its value MUST be a number
      containing a NumericDate value.

      nbf: ... Its value MUST be a number containing a
      NumericDate value.

      iat: ... Its
      value MUST be a number containing a NumericDate value.
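
The unit mismatch described above, as an added example that is not Syncope's code: it builds the three claims in seconds, validates them, and shows what happens when issuer and validator disagree on the unit. The function names and the plausibility bound `MAX_PLAUSIBLE_SECONDS` are assumptions of this example, and the sample tokens are constructed.

```python
# NumericDate (RFC 7519): whole seconds since 1970-01-01T00:00:00Z.
# Assumed plausibility bound for this example: 1e11 seconds is past the
# year 5000, so a larger value is almost certainly milliseconds.
MAX_PLAUSIBLE_SECONDS = 100_000_000_000


def make_time_claims(now_s, lifetime_s):
    """Build iat/nbf/exp in seconds, as the spec requires."""
    now_s = int(now_s)
    return {"iat": now_s, "nbf": now_s, "exp": now_s + lifetime_s}


def check_time_claims(claims, now_s, leeway_s=0):
    """Return a list of problems; empty means the time claims are acceptable."""
    problems = []
    for name in ("exp", "nbf", "iat"):
        value = claims.get(name)
        if value is None:
            continue
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            problems.append(f"{name}: not a number")
        elif value > MAX_PLAUSIBLE_SECONDS:
            problems.append(f"{name}: looks like milliseconds")
    if problems:
        return problems
    exp, nbf = claims.get("exp"), claims.get("nbf")
    if exp is not None and now_s >= exp + leeway_s:
        problems.append("exp: token expired")
    if nbf is not None and now_s < nbf - leeway_s:
        problems.append("nbf: token not yet valid")
    return problems


def naive_is_expired(claims, now):
    """Unit-blind comparison: 'now' is in whatever unit the validator assumes."""
    return now >= claims["exp"]


# Constructed sample data: fixed clock at 2018-01-01T00:00:00Z.
NOW_S = 1514764800
good = make_time_claims(NOW_S, 3600)
# The same one-hour token as a millisecond-based issuer would write it.
ms_token = {name: value * 1000 for name, value in good.items()}
TEN_YEARS_S = 10 * 365 * 86400

if __name__ == "__main__":
    print(check_time_claims(ms_token, NOW_S))
    print(naive_is_expired(ms_token, NOW_S + TEN_YEARS_S))  # seconds-based validator
    print(naive_is_expired(good, NOW_S * 1000))  # millisecond-based validator
```

A spec-compliant, seconds-based validator still accepts the millisecond-encoded one-hour token ten years later, while a millisecond-based validator rejects a compliant token as expired the moment it is issued.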

          People

            Assignee: coheigea Colm O hEigeartaigh
            Reporter: coheigea Colm O hEigeartaigh