From 1be15faed0a704bf5a2c34121d8131e00f23c734 Mon Sep 17 00:00:00 2001
From: Filip Skokan
Date: Fri, 15 Jul 2022 16:05:53 +0200
Subject: [PATCH] fix(PAR): set additional stored PAR object properties on plain requests
---
 .../authorization/pushed_authorization_request_response.js | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/lib/actions/authorization/pushed_authorization_request_response.js b/lib/actions/authorization/pushed_authorization_request_response.js
index 4666d1806..8bc26c38b 100644
--- a/lib/actions/authorization/pushed_authorization_request_response.js
+++ b/lib/actions/authorization/pushed_authorization_request_response.js
@@ -9,9 +9,9 @@ const MAX_TTL = 60;
 module.exports = async function pushedAuthorizationRequestResponse(ctx, next) {
 let request;
 let ttl;
+ const now = epochTime();
 if (ctx.oidc.body.request) {
 ({ request } = ctx.oidc.body);
- const now = epochTime();
 const { payload: { exp } } = JWT.decode(request);
 ttl = exp - now;
@@ -21,10 +21,11 @@ module.exports = async function pushedAuthorizationRequestResponse(ctx, next) {
 } else {
 ttl = MAX_TTL;
 request = new UnsecuredJWT({ ...ctx.oidc.params })
- .setIssuedAt()
+ .setIssuedAt(now)
 .setIssuer(ctx.oidc.client.clientId)
 .setAudience(ctx.oidc.issuer)
- .setExpirationTime(`${MAX_TTL}s`)
+ .setExpirationTime(now + MAX_TTL)
+ .setNotBefore(now)
 .encode();
 }
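Review bot: `ttl = exp - now` takes `exp` from `JWT.decode(request)`, which only parses the token, and nothing visible in this hunk bounds the result from below. A request object with no `exp` gives NaN and one with a past `exp` gives a negative TTL. Whatever check follows is outside the hunk, so confirm it rejects non-positive values as well as capping at MAX_TTL, for example with an added `ttl <= 0` condition. Signature and expiry validation of the request object presumably happens earlier in the middleware chain; a short comment next to the decode call saying so would make that dependency explicit.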
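Review bot: `.setNotBefore(now)` stamps the stored object with this instance's clock and no allowance for skew, so whether an immediately used request_uri is accepted depends on how the consumer checks `nbf`. That consumer is not in this diff; if it runs on another instance and validates `nbf` without a clock tolerance, a slightly slower clock there would reject a fresh object, so confirm the tolerance applied on that path. Separately, the switch from the relative string to numeric arguments deserves a comment above the builder, for example `// numeric values are absolute epoch seconds from one clock read, so exp - iat equals ttl`. The stored object is an UnsecuredJWT, so these claims are bookkeeping with no integrity of their own, and the function continues outside the hunk.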