Fix the client assertion validation logic to avoid rejecting assertio…

…ns that don't specify an "iat" claim
openiddict · Jan 17, 2024 · 24e242e · 24e242e
1 parent cf3e960
commit 24e242e
Showing 1 changed file with 0 additions and 13 deletions.
diff --git a/src/OpenIddict.Server/OpenIddictServerHandlers.cs b/src/OpenIddict.Server/OpenIddictServerHandlers.cs
@@ -687,19 +687,6 @@ public ValueTask HandleAsync(ProcessAuthenticationContext context)
                 return default;
             }
 
-            // Client assertions MUST contain contain an "iat" claim. For more information,
-            // see https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
-            // and https://datatracker.ietf.org/doc/html/rfc7523#section-3.
-            if (!context.ClientAssertionPrincipal.HasClaim(Claims.IssuedAt))
-            {
-                context.Reject(
-                    error: Errors.InvalidRequest,
-                    description: SR.FormatID2172(Claims.IssuedAt),
-                    uri: SR.FormatID8000(SR.ID2172));
-
-                return default;
-            }
-
             return default;
 
             static bool ValidateClaimGroup(string name, List<Claim> values) => name switch