Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow to skip "issued at" validation #297

Merged
merged 5 commits into from
Jan 12, 2019
Merged

Allow to skip "issued at" validation #297

merged 5 commits into from
Jan 12, 2019

Conversation

complanboy2
Copy link

@complanboy2 complanboy2 commented Oct 30, 2018
edited by lbalmaceda
Loading

The default behavior remains the same: Always verify the iat.

Will close #254

@complanboy2 complanboy2 mentioned this pull request Oct 30, 2018
Closed
@complanboy2
Copy link
Author

complanboy2 commented Nov 21, 2018
edited
Loading

Any hope for getting this reviewed in 2018 !

And also please check, #289

@complanboy2 complanboy2 mentioned this pull request Nov 21, 2018
Closed
@svenwb
Copy link

svenwb commented Jan 10, 2019

Is there any eta when this will be reviewed?

lbalmaceda
lbalmaceda suggested changes Jan 10, 2019
View reviewed changes
Copy link
Contributor

@lbalmaceda lbalmaceda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@complanboy2 Sorry for the delay. Please use spaces instead of tabs and fix the indentation so the file maintains the same formatting as before. I've left you a few comments. But mainly, the PR is missing the core check. You should be skipping the iat verification if the flag is present at this line.

lib/src/main/java/com/auth0/jwt/JWTVerifier.java Outdated Show resolved Hide resolved
lib/src/test/java/com/auth0/jwt/JWTVerifierTest.java Outdated Show resolved Hide resolved
lib/src/test/java/com/auth0/jwt/JWTVerifierTest.java Outdated Show resolved Hide resolved
lib/src/test/java/com/auth0/jwt/JWTVerifierTest.java Show resolved Hide resolved
lbalmaceda
lbalmaceda suggested changes Jan 11, 2019
View reviewed changes
Copy link
Contributor

@lbalmaceda lbalmaceda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please rebase the branch

lib/src/main/java/com/auth0/jwt/JWTVerifier.java Outdated Show resolved Hide resolved
lib/src/main/java/com/auth0/jwt/JWTVerifier.java Outdated Show resolved Hide resolved
lib/src/main/java/com/auth0/jwt/JWTVerifier.java Outdated Show resolved Hide resolved
@lbalmaceda lbalmaceda changed the title Issue#254: iat validation will be done by default and it can be ignor… Allow to skip "issued at" validation Jan 12, 2019
@lbalmaceda lbalmaceda merged commit 08def5e into auth0:master Jan 12, 2019
@lbalmaceda lbalmaceda added this to the v3-Next milestone Jan 12, 2019
@lbalmaceda
Copy link
Contributor

Thanks!

@complanboy2 complanboy2 deleted the issue254 branch January 13, 2019 12:56
@svenwb
Copy link

svenwb commented Jan 14, 2019

Hi @lbalmaceda thanks for moving this forward!
How does the release process of this pull request look like?
Is there any release planed which includes this change?
Thanks :)

@lbalmaceda
Copy link
Contributor

@svenwb I'll see if I can fit another change by end of week and make a release.

@lbalmaceda lbalmaceda modified the milestones: v3-Next, 3.6.0 Jan 24, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lbalmaceda lbalmaceda lbalmaceda approved these changes

Assignees
No one assigned
Labels
CH: Added
Projects
None yet
Milestone
3.6.0
Development

Successfully merging this pull request may close these issues.

iat should not be used for token lifetime validation
3 participants
@complanboy2 @svenwb @lbalmaceda