added validation of token expiration, issuedAt and nbf (#387)
Thottbot committed Oct 23, 2023
1 parent 739eea5 commit 96f587e
Showing 1 changed file with 22 additions and 4 deletions.
26 changes: 22 additions & 4 deletions v2/auth/jwt.go
Expand Up @@ -12,10 +12,28 @@ func IsTokenValid(token string, tokenExpireDurationDiff time.Duration) bool {
return false
}

parser := jwt.NewParser(jwt.WithLeeway(tokenExpireDurationDiff))

var claims jwt.RegisteredClaims

_, _, err := parser.ParseUnverified(token, &claims)
return err == nil
_, _, err := jwt.NewParser().ParseUnverified(token, &claims)
if err != nil {
return false
}

ts := time.Now().Add(tokenExpireDurationDiff)

for _, claim := range []*jwt.NumericDate{
claims.ExpiresAt,
claims.IssuedAt,
claims.NotBefore,
} {
if claim == nil {
continue
}

if claim.Before(ts) {
return false
}
}

return true
}
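Review bot: The loop applies the expiry comparison to all three claims, so at `if claim.Before(ts)` a token whose `iat` or `nbf` lies in the past, which is the normal case, is reported as invalid. Only `ExpiresAt` should be rejected when it falls before `ts`; `NotBefore` and `IssuedAt` should be rejected when they are still in the future (whether the margin should also apply to those two is the author's call). The token is still read with `ParseUnverified`, so the function's doc comment should state that the result reflects the time claims only, that no signature is checked, and that it must not be used as an authentication decision. The start of IsTokenValid lies outside the hunk.
```go
// … unchanged: ParseUnverified call and its error check …

now := time.Now()

// exp: reject tokens that expire within the configured margin.
if exp := claims.ExpiresAt; exp != nil && exp.Before(now.Add(tokenExpireDurationDiff)) {
	return false
}

// nbf / iat: reject tokens that are not yet valid or claim a future issue time.
for _, claim := range []*jwt.NumericDate{claims.NotBefore, claims.IssuedAt} {
	if claim != nil && claim.After(now) {
		return false
	}
}

return true
```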
