Syncope / SYNCOPE-1179

JWT "Date" claims are interpreted using milliseconds instead of seconds

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.4
    • Fix Version/s: 2.0.5, 2.1.0
    • Component/s: None
    • Labels: None

      Description

      We currently treat (create + validate) JWT tokens with the claims "exp", "iat" and "nbf" as millisecond values. However, the spec says that they should be seconds instead:

      https://tools.ietf.org/html/rfc7519

      NumericDate
      A JSON numeric value representing the number of seconds from
      1970-01-01T00:00:00Z UTC until the specified UTC date/time,
      ignoring leap seconds.

      exp: ... Its value MUST be a number
      containing a NumericDate value.

      nbf: ... Its value MUST be a number containing a
      NumericDate value.

      iat: ... Its
      value MUST be a number containing a NumericDate value.
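
Added example (not part of the original issue and not Syncope's code): a Python sketch that checks "exp", "nbf" and "iat" as NumericDate seconds, next to a comparison that never sanity-checks the unit and therefore keeps accepting a millisecond-valued "exp" years after the intended expiry. The function names, the 10^11 plausibility threshold and the sample timestamps are assumptions made for illustration.

```python
"""Check RFC 7519 time claims as NumericDate seconds (added example)."""
import time

TIME_CLAIMS = ("exp", "nbf", "iat")
# Assumption for this example: 1e11 seconds is the year 5138, so anything
# larger is taken to be a millisecond timestamp rather than a real date.
MAX_PLAUSIBLE_SECONDS = 10**11


def check_time_claims(claims, now=None, leeway=0):
    """Return a list of problems in the exp/nbf/iat claims (empty = valid)."""
    now = time.time() if now is None else now
    problems = []
    for name in TIME_CLAIMS:
        if name not in claims:
            continue
        value = claims[name]
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            problems.append(f"{name}: not a JSON number")
        elif not (0 <= value <= MAX_PLAUSIBLE_SECONDS):  # also rejects NaN/inf
            problems.append(f"{name}: not plausible seconds (milliseconds?)")
        elif name == "exp" and now >= value + leeway:
            problems.append("exp: token has expired")
        elif name == "nbf" and now < value - leeway:
            problems.append("nbf: token is not valid yet")
        elif name == "iat" and value > now + leeway:  # policy choice, not an RFC rule
            problems.append("iat: issued in the future")
    return problems


def unit_blind_exp_check(claims, now):
    """Plain 'now < exp' comparison with no unit sanity check, for contrast."""
    return now < claims["exp"]


# Constructed sample data: a token meant to live for one hour.
ISSUED = 1_500_000_000  # 2017-07-14T02:40:00Z, in seconds
GOOD = {"iat": ISSUED, "nbf": ISSUED, "exp": ISSUED + 3600}
MILLIS = {k: v * 1000 for k, v in GOOD.items()}  # same dates, wrong unit

if __name__ == "__main__":
    ten_years_later = ISSUED + 10 * 365 * 86400
    print(check_time_claims(GOOD, now=ISSUED + 60))
    print(unit_blind_exp_check(MILLIS, ten_years_later))
    print(check_time_claims(MILLIS, now=ISSUED + 60))
```

The mismatch also bites in the other direction: a validator that reads a seconds-valued "exp" as milliseconds places it in January 1970 and rejects every spec-compliant token as expired.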


            People

            • Assignee: coheigea Colm O hEigeartaigh
            • Reporter: coheigea Colm O hEigeartaigh