Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

JWT not throwing ExpiredTokenException in .Net Core #134

Closed
NPSF3000 opened this issue Sep 8, 2017 · 5 comments
Assignees
Labels

Comments

@NPSF3000
Copy link

@NPSF3000 NPSF3000 commented Sep 8, 2017

.Net Core 2. JWT 3.0.3

 public AtkToken DecodeToken(string token)
        {
            IJsonSerializer serializer = new JsonNetSerializer();
            IDateTimeProvider provider = new UtcDateTimeProvider();
            IJwtValidator validator = new JwtValidator(serializer, provider);
            IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
            IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder);
            IDictionary<string, object> decodedToken = null;

            try
            {
                decodedToken = decoder.DecodeToObject<IDictionary<string, object>>(token, SecretKey, verify: true);
               //Error is logged.
                if (DateTime.Parse(decodedToken["Expiry"].ToString()) < DateTime.UtcNow)
                    LogTo.Error("Expired Token Detected! {token}, {expiry} ", decodedToken, decodedToken["Expiry"]);  
            }
            catch (TokenExpiredException) //No exception is thrown.
            {
                LogTo.Error("Token has expired: {Token}", token);
            }
            catch (SignatureVerificationException)
            {
                LogTo.Error("Token has invalid signature: {Token}", token);
            }
...
}
@abatishchev

This comment has been minimized.

Copy link
Member

@abatishchev abatishchev commented Sep 8, 2017

Since I don't have the input token, can you build Jwt.Net locally, drop into your build and debug?

@abatishchev abatishchev self-assigned this Sep 8, 2017
@abatishchev abatishchev added the question label Sep 8, 2017
@NPSF3000

This comment has been minimized.

Copy link
Author

@NPSF3000 NPSF3000 commented Sep 11, 2017

@abatishchev looks like we use the field name 'Expiry' while JWT prefers 'exp'. Looks like we can resolve this issue our side. Thanks.

@abatishchev

This comment has been minimized.

Copy link
Member

@abatishchev abatishchev commented Sep 11, 2017

Yes, use exp, see RFC 7519 section 4.1.4.

@FranklinYu

This comment has been minimized.

Copy link
Contributor

@FranklinYu FranklinYu commented Aug 31, 2018

Currently all links to JWT standard point to draft 10. Shall we change them all to RFC 7519? I think the implementation is already RFC 7519 compliant (or at least that's the target).

@abatishchev abatishchev changed the title JWT not throwing ExpiredTokenException in .NetCore JWT not throwing ExpiredTokenException in .Net Core Aug 31, 2018
@abatishchev

This comment has been minimized.

Copy link
Member

@abatishchev abatishchev commented Aug 31, 2018

Oh, sure, please submit a PR. And if you know what were the important changes or what has to be changed - please explain to me, would definitely appreciate. And open a new issue, if you will.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
3 participants
You can’t perform that action at this time.