Unable to verify JWT claims #298

Open
kudamhazo opened this issue Apr 3, 2022 · 1 comment

@kudamhazo

There is a bit of an issue with the validation of the datetime claims (exp, iat, nbf, etc.). The library is checking whether they are integers, which is not correct. It should check whether they are numeric instead (maybe with the is_numeric(...) method), because the RFC reference for JWT does not restrict those claims to integers. I am experiencing some challenges because of this issue. The OpenID server I am using returns claims in a format like this:

{
  "iat": 1648944303.697052,
  "exp": 1680480303.583767
}

Hope this can be updated some time. Here is the code reference to where the issue is:

&& ( !isset($claims->exp) || ((gettype($claims->exp) === 'integer') && ($claims->exp >= time() - $this->leeway)))
&& ( !isset($claims->nbf) || ((gettype($claims->nbf) === 'integer') && ($claims->nbf <= time() + $this->leeway)))
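
An added example, not the library's code and not from the issue author: one way to accept the fractional NumericDate values shown above while still rejecting non-number input. It tests for int or float rather than calling is_numeric(), because is_numeric() also returns true for strings such as "1e9". The function names isNumericDate and timeClaimsValid are hypothetical, and the sample payloads are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Added example, not the library's code. RFC 7519 defines NumericDate as a
 * JSON number that may be non-integer, so accept int or float, but not
 * strings (is_numeric() would also pass string input such as "1e9").
 */
function isNumericDate($value): bool
{
    // json_decode() yields int or float for JSON numbers; strings, bools,
    // arrays and objects are rejected here, as are NAN and INF.
    return is_int($value) || (is_float($value) && is_finite($value));
}

/**
 * Hypothetical helper: check exp/nbf with the same leeway comparisons as the
 * snippet in the issue. $now is injectable so the checks are reproducible.
 */
function timeClaimsValid(object $claims, int $leeway, ?float $now = null): bool
{
    $now = $now ?? microtime(true);

    if (isset($claims->exp)
        && !(isNumericDate($claims->exp) && $claims->exp >= $now - $leeway)) {
        return false;
    }
    if (isset($claims->nbf)
        && !(isNumericDate($claims->nbf) && $claims->nbf <= $now + $leeway)) {
        return false;
    }
    return true;
}

// Constructed sample payloads, evaluated at a fixed clock value.
$now = 1650000000.0;
$samples = [
    'fractional (from the issue)' => '{"iat": 1648944303.697052, "exp": 1680480303.583767}',
    'integer'                     => '{"exp": 1680480303, "nbf": 1648944303}',
    'expired fractional'          => '{"exp": 1649000000.5}',
    'numeric string'              => '{"exp": "1680480303"}',
    'not yet valid'               => '{"nbf": 1650000600.25}',
];
foreach ($samples as $label => $json) {
    $ok = timeClaimsValid(json_decode($json), 300, $now);
    printf("%-28s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```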

@kudamhazo
Author

I can take a stab at a PR if you think this is worth fixing 🙂
