Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 1.10.12.Final, 1.14.2.Final, 2.0.0.Alpha10
Affects Version/s: 1.14.1.Final
Component/s: Realms
Labels:
None

Release Note Text:
Undefined
Git Pull Request:
https://github.com/wildfly-security/wildfly-elytron/pull/1479

JwtValidator is reading the exp and nbf field as a Java int instead of long:

https://github.com/wildfly-security/wildfly-elytron/blob/master/auth/realm/token/src/main/java/org/wildfly/security/auth/realm/token/validator/JwtValidator.java#L139

This means the maximum expiration date is ~January 18, 2038. Also, with Javascript a NumericDate this would be a 64-bit value. The JWT spec also leaves open the possibility of a decimal value so that should possibly be accounted for.

is cloned by

JBEAP-20939 (7.3.z) ELY-2069 - JWT token validation uses int instead of long for the dates: exp (expiration) and nbf

Verified

Assignee:: Ilia Vassilev

Reporter:: Chris Dolphy

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2021/01/12 4:59 PM

Updated:: 2021/03/18 1:37 PM

Resolved:: 2021/01/27 10:59 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates