]
Ilia Vassilev reassigned ELY-2069:
----------------------------------
Assignee: Ilia Vassilev (was: Darran Lofthouse)
JWT token validation uses int instead of long for the dates: exp
(expiration) and nbf
-------------------------------------------------------------------------------------
Key: ELY-2069
URL:
https://issues.redhat.com/browse/ELY-2069
Project: WildFly Elytron
Issue Type: Feature Request
Reporter: Chris Dolphy
Assignee: Ilia Vassilev
Priority: Major
JwtValidator is reading the exp and nbf field as a Java int instead of long:
[
https://github.com/wildfly-security/wildfly-elytron/blob/master/auth/real...]
This means the maximum expiration date is ~January 18, 2038. Also, with Javascript a
NumericDate this would be a 64-bit value. The JWT spec also leaves open the possibility
of a decimal value so that should possibly be accounted for.