bug #826 Fix creating tokens when iat is already set in the payload (…

…chalasr) This PR was merged into the 2.x-dev branch. Discussion ---------- Fix creating tokens when iat is already set in the payload Fixes #824 Commits ------- dee98cd Fix creating tokens when iat is already set in the payload
lexik · Jan 20, 2021 · c765af7 · c765af7
2 parents f6c0d9a + dee98cd
commit c765af7
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/Services/JWSProvider/LcobucciJWSProvider.php b/Services/JWSProvider/LcobucciJWSProvider.php
@@ -111,10 +111,13 @@ public function create(array $payload, array $header = [])
 
         $now = time();
 
+        $issuedAt = isset($payload['iat']) ? $payload['iat'] : $now;
+        unset($payload['iat']);
+
         if ($this->legacyJWTApi) {
-            $jws->setIssuedAt($now);
+            $jws->setIssuedAt($issuedAt);
         } else {
-            $jws->issuedAt($this->useDateObjects ? new \DateTimeImmutable("@{$now}") : $now);
+            $jws->issuedAt($this->useDateObjects && !$issuedAt instanceof \DateTimeImmutable ? new \DateTimeImmutable("@{$issuedAt}") : $issuedAt);
         }
 
         if (null !== $this->ttl || isset($payload['exp'])) {

diff --git a/Tests/Services/JWSProvider/AbstractJWSProviderTest.php b/Tests/Services/JWSProvider/AbstractJWSProviderTest.php
@@ -79,7 +79,7 @@ public function testCreate()
             ->method('getPassphrase')
             ->willReturn('foobar');
 
-        $payload     = ['username' => 'chalasr'];
+        $payload     = ['username' => 'chalasr', 'iat' => time()];
         $jwsProvider = new static::$providerClass($keyLoaderMock, 'openssl', 'RS384', 3600, 0);
 
         $this->assertInstanceOf(CreatedJWS::class, $created = $jwsProvider->create($payload));