allow Numeric for iat field on OIDC tokens

18F · Dec 17, 2020 · f00e379 · f00e379
1 parent d129ea9
commit f00e379
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/app/forms/openid_connect_token_form.rb b/app/forms/openid_connect_token_form.rb
@@ -128,7 +128,7 @@ def validate_aud_claim(payload)
   def validate_iat(payload)
     return true unless payload.key?('iat')
     iat = payload['iat']
-    return true if iat.is_a?(Integer) && (iat.to_i - ISSUED_AT_LEEWAY_SECONDS) < Time.zone.now.to_i
+    return true if iat.is_a?(Numeric) && (iat.to_i - ISSUED_AT_LEEWAY_SECONDS) < Time.zone.now.to_i
 
     errors.add(:client_assertion, t('openid_connect.token.errors.invalid_iat'))
   end