]
Ilia Vassilev updated ELY-2069:
-------------------------------
Component/s: Realms
JWT token validation uses int instead of long for the dates: exp
(expiration) and nbf
-------------------------------------------------------------------------------------
Key: ELY-2069
URL:
https://issues.redhat.com/browse/ELY-2069
Project: WildFly Elytron
Issue Type: Bug
Components: Realms
Affects Versions: 1.14.1.Final
Reporter: Chris Dolphy
Assignee: Ilia Vassilev
Priority: Major
JwtValidator is reading the exp and nbf field as a Java int instead of long:
[
https://github.com/wildfly-security/wildfly-elytron/blob/master/auth/real...]
This means the maximum expiration date is ~January 18, 2038. Also, with Javascript a
NumericDate this would be a 64-bit value. The JWT spec also leaves open the possibility
of a decimal value so that should possibly be accounted for.