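/**
 * Checks the expiry time of a set of JWT claims against the current time.
 *
 * <p>The expiry value is read as seconds since the epoch and converted to milliseconds
 * before it is compared with {@link Instant#now()}.
 *
 * @param claims the claims to check
 * @param clockOffset tolerated clock skew in seconds; it is added to the expiry time, so a
 *     positive value keeps a token acceptable for that much longer
 * @param claimRequired whether claims without an expiry time are rejected
 * @throws JwtException if the expiry time is required but absent, if it cannot be converted
 *     to milliseconds without overflow, or if the offset-adjusted expiry lies before now
 */
public static void validateJwtExpiry(JwtClaims claims, int clockOffset, boolean claimRequired) {
    Long expiryTime = claims.getExpiryTime();
    if (expiryTime == null) {
        if (claimRequired) {
            // An absent claim is reported with the same message as an expired token.
            throw new JwtException("The token has expired");
        }
        return;
    }

    // Reject values whose conversion to milliseconds would overflow a long: a wrapped
    // product could turn a far-past expiry into a future one and let the token through.
    long expirySeconds = expiryTime;
    if (expirySeconds > Long.MAX_VALUE / 1000L || expirySeconds < Long.MIN_VALUE / 1000L) {
        throw new JwtException("The token expiry time is out of range");
    }

    // plusSeconds(0) is a no-op, so the offset needs no separate zero check.
    Instant expires = Instant.ofEpochMilli(expirySeconds * 1000L).plusSeconds(clockOffset);
    if (expires.isBefore(Instant.now())) {
        throw new JwtException("The token has expired");
    }
}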
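/**
 * Checks the expiry time of a set of JWT claims against the current time.
 *
 * <p>The expiry value is read as seconds since the epoch and converted to milliseconds
 * before it is compared with {@link Instant#now()}.
 *
 * @param claims the claims to check
 * @param clockOffset tolerated clock skew in seconds; it is added to the expiry time, so a
 *     positive value keeps a token acceptable for that much longer
 * @param claimRequired whether claims without an expiry time are rejected
 * @throws JwtException if the expiry time is required but absent, if it cannot be converted
 *     to milliseconds without overflow, or if the offset-adjusted expiry lies before now
 */
public static void validateJwtExpiry(JwtClaims claims, int clockOffset, boolean claimRequired) {
    Long expiryTime = claims.getExpiryTime();
    if (expiryTime == null) {
        if (claimRequired) {
            // An absent claim is reported with the same message as an expired token.
            throw new JwtException("The token has expired");
        }
        return;
    }

    // Reject values whose conversion to milliseconds would overflow a long: a wrapped
    // product could turn a far-past expiry into a future one and let the token through.
    long expirySeconds = expiryTime;
    if (expirySeconds > Long.MAX_VALUE / 1000L || expirySeconds < Long.MIN_VALUE / 1000L) {
        throw new JwtException("The token expiry time is out of range");
    }

    // plusSeconds(0) is a no-op, so the offset needs no separate zero check.
    Instant expires = Instant.ofEpochMilli(expirySeconds * 1000L).plusSeconds(clockOffset);
    if (expires.isBefore(Instant.now())) {
        throw new JwtException("The token has expired");
    }
}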
/**
 * Authenticates a {@link JWTAuthentication} and checks the time claims of its token.
 *
 * <p>The data accessor is invoked first, through
 * {@code AuthContextUtils.execWithAuthContext} with the domain taken from the authentication
 * details; it supplies the username and the granted authorities. The expiry and not-before
 * claims are checked only afterwards. Both claims are mandatory here: an absent value is
 * rejected in the same way as an out-of-window one.
 *
 * @param authentication the authentication request; cast to {@link JWTAuthentication}
 * @return the same object, marked as authenticated
 * @throws AuthenticationException specifically {@link CredentialsExpiredException} when the
 *     token is expired, lacks an expiry, is not yet valid, or lacks a not-before claim
 */
@Override
public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
    final JWTAuthentication jwtAuthentication = (JWTAuthentication) authentication;

    AuthContextUtils.execWithAuthContext(jwtAuthentication.getDetails().getDomain(), () -> {
        Pair<String, Set<SyncopeGrantedAuthority>> resolved = dataAccessor.authenticate(jwtAuthentication);
        jwtAuthentication.setUsername(resolved.getLeft());
        jwtAuthentication.getAuthorities().addAll(resolved.getRight());
        return null;
    });

    final JwtClaims claims = jwtAuthentication.getClaims();
    // Claims are multiplied by 1000L below, i.e. handled as seconds against this millisecond clock.
    // NOTE(review): those products are unchecked long arithmetic; an extreme claim value would wrap.
    final long nowMillis = new Date().getTime();

    final Long expiryTime = claims.getExpiryTime();
    final boolean stillValid = expiryTime != null && (expiryTime * 1000L) >= nowMillis;
    if (!stillValid) {
        // The stored token is removed before the failure is reported.
        dataAccessor.removeExpired(claims.getTokenId());
        throw new CredentialsExpiredException("JWT is expired");
    }

    final Long notBefore = claims.getNotBefore();
    final boolean alreadyValid = notBefore != null && (notBefore * 1000L) <= nowMillis;
    if (!alreadyValid) {
        throw new CredentialsExpiredException("JWT not valid yet");
    }

    jwtAuthentication.setAuthenticated(true);
    return jwtAuthentication;
}
/**
 * Runs the time-based claim checks and, optionally, the audience restriction check.
 *
 * <p>Expiry and issued-at are each required only when the other is absent, so claims
 * carrying neither are rejected by the expiry check, while claims with an issued-at time
 * but no expiry are passed to the issued-at check together with {@code timeToLive}. The
 * not-before claim is never required.
 *
 * @param claims the claims to validate
 * @param timeToLive passed through to the issued-at check
 * @param clockOffset passed through to all three time checks
 * @param validateAudienceRestriction whether to run the audience check against the current
 *     message
 */
public static void validateTokenClaims(JwtClaims claims, int timeToLive,
                                       int clockOffset, boolean validateAudienceRestriction) {
    // Without an issued-at time the expiry becomes mandatory.
    validateJwtExpiry(claims, clockOffset, claims.getIssuedAt() == null);

    validateJwtNotBefore(claims, clockOffset, false);

    // Without an expiry the issued-at time becomes mandatory.
    validateJwtIssuedAt(claims, timeToLive, clockOffset, claims.getExpiryTime() == null);

    if (!validateAudienceRestriction) {
        return;
    }
    validateJwtAudienceRestriction(claims, PhaseInterceptorChain.getCurrentMessage());
}
/**
 * Runs the time-based claim checks and, optionally, the audience restriction check.
 *
 * <p>Expiry and issued-at are each required only when the other is absent, so claims
 * carrying neither are rejected by the expiry check, while claims with an issued-at time
 * but no expiry are passed to the issued-at check together with {@code timeToLive}. The
 * not-before claim is never required.
 *
 * @param claims the claims to validate
 * @param timeToLive passed through to the issued-at check
 * @param clockOffset passed through to all three time checks
 * @param validateAudienceRestriction whether to run the audience check against the current
 *     message
 */
public static void validateTokenClaims(JwtClaims claims, int timeToLive,
                                       int clockOffset, boolean validateAudienceRestriction) {
    // Without an issued-at time the expiry becomes mandatory.
    validateJwtExpiry(claims, clockOffset, claims.getIssuedAt() == null);

    validateJwtNotBefore(claims, clockOffset, false);

    // Without an expiry the issued-at time becomes mandatory.
    validateJwtIssuedAt(claims, timeToLive, clockOffset, claims.getExpiryTime() == null);

    if (!validateAudienceRestriction) {
        return;
    }
    validateJwtAudienceRestriction(claims, PhaseInterceptorChain.getCurrentMessage());
}
/**
 * Authenticates a {@link JWTAuthentication} and checks the time claims of its token.
 *
 * <p>The data accessor is invoked first, through
 * {@code AuthContextUtils.execWithAuthContext} with the domain taken from the authentication
 * details; it supplies the username and the granted authorities. The expiry and not-before
 * claims are checked only afterwards. Both claims are mandatory here: an absent value is
 * rejected in the same way as an out-of-window one.
 *
 * @param authentication the authentication request; cast to {@link JWTAuthentication}
 * @return the same object, marked as authenticated
 * @throws AuthenticationException specifically {@link CredentialsExpiredException} when the
 *     token is expired, lacks an expiry, is not yet valid, or lacks a not-before claim
 */
@Override
public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
    final JWTAuthentication jwtAuthentication = (JWTAuthentication) authentication;

    AuthContextUtils.execWithAuthContext(jwtAuthentication.getDetails().getDomain(), () -> {
        Pair<String, Set<SyncopeGrantedAuthority>> resolved = dataAccessor.authenticate(jwtAuthentication);
        jwtAuthentication.setUsername(resolved.getLeft());
        jwtAuthentication.getAuthorities().addAll(resolved.getRight());
        return null;
    });

    final JwtClaims claims = jwtAuthentication.getClaims();
    // Claims are multiplied by 1000L below, i.e. handled as seconds against this millisecond clock.
    // NOTE(review): those products are unchecked long arithmetic; an extreme claim value would wrap.
    final long nowMillis = new Date().getTime();

    final Long expiryTime = claims.getExpiryTime();
    final boolean stillValid = expiryTime != null && (expiryTime * 1000L) >= nowMillis;
    if (!stillValid) {
        // The stored token is removed before the failure is reported.
        dataAccessor.removeExpired(claims.getTokenId());
        throw new CredentialsExpiredException("JWT is expired");
    }

    final Long notBefore = claims.getNotBefore();
    final boolean alreadyValid = notBefore != null && (notBefore * 1000L) <= nowMillis;
    if (!alreadyValid) {
        throw new CredentialsExpiredException("JWT not valid yet");
    }

    jwtAuthentication.setAuthenticated(true);
    return jwtAuthentication;
}
throw new IllegalArgumentException("Invalid signature found in Relay State"); Long expiryTime = relayState.getJwtClaims().getExpiryTime(); if (expiryTime == null || (expiryTime * 1000L) < new Date().getTime()) { throw new IllegalArgumentException("Relay State is expired");
if (claims.getExpiryTime() > 0) { expires = Instant.ofEpochMilli(claims.getExpiryTime() * 1000L); response.setExpires(expires);
if (claims.getExpiryTime() > 0) { expires = Instant.ofEpochMilli(claims.getExpiryTime() * 1000L); response.setExpires(expires);
atv.setTokenIssuedAt(now.toEpochMilli()); if (claims.getExpiryTime() != null) { atv.setTokenLifetime(claims.getExpiryTime() - atv.getTokenIssuedAt());
requestId = relayState.getJwtClaims().getSubject(); Long expiryTime = relayState.getJwtClaims().getExpiryTime(); if (expiryTime == null || (expiryTime * 1000L) < new Date().getTime()) { throw new IllegalArgumentException("Relay State is expired");
atv.setTokenIssuedAt(now.toEpochMilli()); if (claims.getExpiryTime() != null) { atv.setTokenLifetime(claims.getExpiryTime() - atv.getTokenIssuedAt());
long lifetime = claims.getExpiryTime() - issuedAt; BearerAccessToken at = new BearerAccessToken(c, jose, lifetime, issuedAt);
long lifetime = claims.getExpiryTime() - issuedAt; BearerAccessToken at = new BearerAccessToken(c, jose, lifetime, issuedAt);
validateClaimsAlways || strictTimeValidation && claims.getExpiryTime() == null; try { JwtUtils.validateJwtIssuedAt(claims, getTtl(), getClockOffset(), issuedAtRequired);
validateClaimsAlways || strictTimeValidation && claims.getExpiryTime() == null; try { JwtUtils.validateJwtIssuedAt(claims, getTtl(), getClockOffset(), issuedAtRequired);