Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate->notBefore should allow same sec timestamp #69

Closed
wire67 opened this issue Jun 20, 2021 · 2 comments
Closed

Validate->notBefore should allow same sec timestamp #69

wire67 opened this issue Jun 20, 2021 · 2 comments

Comments

@wire67
Copy link

wire67 commented Jun 20, 2021

notBefore fails if the request is checked in the same timestamp it was generated: timestamp is 1000ms vs a HTTP request of few 10 to 100ms.
replace
$notBefore < time()
by
$notBefore <= time()
in
Validate.php
this also does not allow for any clock drift between systems
@RobDWaller
Copy link
Owner

Hi, thanks for sharing this. I believe you are correct I will make this change.

@RobDWaller
Copy link
Owner

Closing this issue as the core problem should be solved in the latest release. https://github.com/RobDWaller/ReallySimpleJWT/releases/tag/4.0.3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@RobDWaller @wire67