Ilia Vassilev created ELY-2079:
----------------------------------
Summary: (7.3.z) ELY-2069 - JWT token validation uses int instead of long for the dates: exp (expiration) and nbf
Key: ELY-2079
URL: https://issues.redhat.com/browse/ELY-2079
Project: WildFly Elytron
Issue Type: Bug
Components: Realms
Affects Versions: 1.14.1.Final
Reporter: Ilia Vassilev
Assignee: Ilia Vassilev
Fix For: 1.15.0.CR1

JwtValidator is reading the exp and nbf fields as a Java int instead of long:
[https://github.com/wildfly-security/wildfly-elytron/blob/master/auth/real...]
This means the maximum expiration date is ~January 18, 2038. Also, with JavaScript, a
NumericDate would be a 64-bit value. The JWT spec also leaves open the possibility
of a decimal value, so that should possibly be accounted for.
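
The effect described in this issue, as an added example that is not WildFly Elytron code: the same exp claim is read once narrowed to a 32-bit int and once as a full NumericDate (integer or decimal). The class name, method names, sample claim values and the fixed clock are assumptions made for the illustration.

```java
import java.math.BigDecimal;
import java.math.RoundingMode;
import java.time.Instant;

// Added illustration, not WildFly Elytron code. All names here are hypothetical.
public class NumericDateDemo {

    // Narrowing read: BigDecimal.intValue() keeps only the low-order 32 bits,
    // so any date past the int range wraps to a wrong (often negative) value.
    static Instant readAsInt(String claim) {
        return Instant.ofEpochSecond(new BigDecimal(claim).intValue());
    }

    // Wide read: accepts integer or decimal NumericDate values (RFC 7519 allows both).
    static Instant readAsNumericDate(String claim) {
        BigDecimal value = new BigDecimal(claim);
        BigDecimal whole = value.setScale(0, RoundingMode.FLOOR);
        long seconds = whole.longValueExact(); // throws if the value does not fit in a long
        // Fractional part of a second, truncated to nanoseconds.
        long nanos = value.subtract(whole).movePointRight(9).longValue();
        return Instant.ofEpochSecond(seconds, nanos);
    }

    // exp check: the token is acceptable only while "now" is before exp.
    static boolean notExpired(Instant exp, Instant now) {
        return now.isBefore(exp);
    }

    public static void main(String[] args) {
        // Fixed clock and claim values are constructed sample data.
        Instant now = Instant.parse("2024-01-01T00:00:00Z");
        String[] expClaims = { "1893456000", "4102444800", "4102444800.5" };
        for (String claim : expClaims) {
            Instant narrow = readAsInt(claim);
            Instant wide = readAsNumericDate(claim);
            System.out.printf("exp=%s  int -> %s valid=%b  |  long -> %s valid=%b%n",
                    claim, narrow, notExpired(narrow, now), wide, notExpired(wide, now));
        }
    }
}
```

The first sample fits in an int and both reads agree; the other two lie beyond the int range, so the narrowed read lands in the past and a still-valid token is treated as expired.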