[SDK-1699] Fix ID token validation for auth_time #497

Merged
merged 4 commits into from
Jun 12, 2020

Conversation

stevehobbsdev

@stevehobbsdev stevehobbsdev commented Jun 5, 2020

Description

The auth_time claim was being incorrectly validated in milliseconds, where this should be seconds.

References

Fixes #489

Testing

The relevant test was also incorrectly supplying test data in ms, so this has been updated. The test also only validated half of the validation message (the part which doesn't include the time), so this has been improved to correctly validate the entire string.

  • This change adds test coverage for new/changed/fixed functionality

Checklist

  • I have added documentation for new/changed functionality in this PR or in auth0.com/docs
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used, if not master

@stevehobbsdev stevehobbsdev added small CH: Fixed PR is fixing a bug labels Jun 5, 2020
@stevehobbsdev stevehobbsdev added this to the vNext milestone Jun 5, 2020
@stevehobbsdev stevehobbsdev requested a review from a team June 5, 2020 11:30
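
The unit handling that the description refers to, as an added example that is not code from this pull request or from the project: `auth_time` and `max_age` are seconds, while JavaScript clocks are milliseconds. The function names, the 60-second leeway and the sample values are assumptions, and the "mix-up" variant is constructed for contrast rather than copied from the previous implementation.

```typescript
// Added illustration; function names and the 60 s leeway are assumptions,
// not taken from the project under discussion.
interface AuthTimeResult { ok: boolean; reason?: string }

const LEEWAY_SECONDS = 60; // assumed clock-skew allowance

// auth_time and max_age are both in seconds, while JavaScript clocks are in
// milliseconds: add in seconds, then convert to ms exactly once.
function checkAuthTime(claims: { auth_time?: unknown }, maxAgeSeconds: number,
                       nowMs: number, leewaySeconds: number = LEEWAY_SECONDS): AuthTimeResult {
  const authTime = claims.auth_time;
  if (typeof authTime !== "number" || !Number.isFinite(authTime)) {
    return { ok: false, reason: "auth_time must be a number when max_age is used" };
  }
  const deadlineMs = (authTime + maxAgeSeconds + leewaySeconds) * 1000;
  if (nowMs > deadlineMs) {
    const deadline = new Date(deadlineMs).toISOString();
    return { ok: false, reason: `auth_time too old: re-authentication was required by ${deadline}` };
  }
  return { ok: true };
}

// Constructed unit mix-up for contrast: the seconds values are used as if they
// were already milliseconds, so the deadline lands in January 1970.
function checkAuthTimeUnitMixup(authTime: number, maxAgeSeconds: number,
                                nowMs: number, leewaySeconds: number = LEEWAY_SECONDS): AuthTimeResult {
  const deadlineMs = authTime + maxAgeSeconds + leewaySeconds; // missing * 1000
  return nowMs > deadlineMs
    ? { ok: false, reason: `auth_time too old: deadline ${new Date(deadlineMs).toISOString()}` }
    : { ok: true };
}

// Constructed sample values: "now" is fixed so the results are reproducible.
const SAMPLE_NOW_MS = Date.UTC(2020, 5, 5, 11, 30, 0);
const SAMPLE_NOW_S = SAMPLE_NOW_MS / 1000;

function runSamples(): { fresh: boolean; stale: boolean; mixup: boolean; msClaim: boolean } {
  return {
    fresh: checkAuthTime({ auth_time: SAMPLE_NOW_S - 120 }, 300, SAMPLE_NOW_MS).ok, // 2 min old
    stale: checkAuthTime({ auth_time: SAMPLE_NOW_S - 400 }, 300, SAMPLE_NOW_MS).ok, // past 300 + 60
    mixup: checkAuthTimeUnitMixup(SAMPLE_NOW_S - 120, 300, SAMPLE_NOW_MS).ok,       // fresh, yet rejected
    // A day-old claim written in ms still passes the seconds-based check, so
    // fixtures in the wrong unit cannot exercise the max_age rejection path.
    msClaim: checkAuthTime({ auth_time: SAMPLE_NOW_MS - 86400000 }, 300, SAMPLE_NOW_MS).ok,
  };
}

console.log(runSamples());
```
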

@adamjmcgrath adamjmcgrath left a comment


lgtm, just a couple of comments

__tests__/jwt.test.ts (outdated, resolved)
__tests__/jwt.test.ts (resolved)
src/jwt.ts (resolved)
@stevehobbsdev stevehobbsdev merged commit a9dfadf into master Jun 12, 2020
@stevehobbsdev stevehobbsdev deleted the fix/max-age-validation branch June 12, 2020 12:39
@MrPrashantT

Hi team, any indication on when this fix will be incorporated into a new release?

@stevehobbsdev

Hi @MrPrashantT, this is now available in the v1.10.0 release that was released yesterday.

This was released to NPM yesterday but I've just tagged it now - thanks for the reminder!

Successfully merging this pull request may close these issues.

auth_time and max_age are provided in seconds