Chris Dolphy created ELY-2069:
---------------------------------
Summary: JWT token validation uses int instead of long for the expiration
(exp) value
Key: ELY-2069
URL:
https://issues.redhat.com/browse/ELY-2069
Project: WildFly Elytron
Issue Type: Feature Request
Reporter: Chris Dolphy
Assignee: Darran Lofthouse
JwtValidator is reading the exp field as a Java int instead of long:
[
https://github.com/wildfly-security/wildfly-elytron/blob/master/auth/real...]
This means the maximum expiration date is ~January 18, 2038. Also, with Javascript a
NumericDate this would be a 64-bit value. The JWT spec also leaves open the possibility
of a decimal value so that should possibly be accounted for.
--
This message was sent by Atlassian Jira
(v8.13.1#813001)