public static void validateJwtIssuedAt(JwtClaims claims, int timeToLive, int clockOffset, boolean claimRequired) { Long issuedAtInSecs = claims.getIssuedAt(); if (issuedAtInSecs == null) { if (claimRequired) { throw new JwtException("Invalid issuedAt"); } return; } Instant createdDate = Instant.ofEpochMilli(issuedAtInSecs * 1000L); Instant validCreation = Instant.now(); if (clockOffset != 0) { validCreation = validCreation.plusSeconds(clockOffset); } // Check to see if the IssuedAt time is in the future if (createdDate.isAfter(validCreation)) { throw new JwtException("Invalid issuedAt"); } if (timeToLive > 0) { // Calculate the time that is allowed for the message to travel validCreation = validCreation.minusSeconds(timeToLive); // Validate the time it took the message to travel if (createdDate.isBefore(validCreation)) { throw new JwtException("Invalid issuedAt"); } } }
@Override public void populateItem( final Item<ICellPopulator<AccessTokenTO>> cellItem, final String componentId, final IModel<AccessTokenTO> model) { JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(model.getObject().getBody()); cellItem.add(new Label(componentId, SyncopeConsoleSession.get().getDateFormat().format( new Date(consumer.getJwtClaims().getIssuedAt())))); } });
public static void validateJwtIssuedAt(JwtClaims claims, int timeToLive, int clockOffset, boolean claimRequired) { Long issuedAtInSecs = claims.getIssuedAt(); if (issuedAtInSecs == null) { if (claimRequired) { throw new JwtException("Invalid issuedAt"); } return; } Instant createdDate = Instant.ofEpochMilli(issuedAtInSecs * 1000L); Instant validCreation = Instant.now(); if (clockOffset != 0) { validCreation = validCreation.plusSeconds(clockOffset); } // Check to see if the IssuedAt time is in the future if (createdDate.isAfter(validCreation)) { throw new JwtException("Invalid issuedAt"); } if (timeToLive > 0) { // Calculate the time that is allowed for the message to travel validCreation = validCreation.minusSeconds(timeToLive); // Validate the time it took the message to travel if (createdDate.isBefore(validCreation)) { throw new JwtException("Invalid issuedAt"); } } }
public static void validateTokenClaims(JwtClaims claims, int timeToLive, int clockOffset, boolean validateAudienceRestriction) { // If we have no issued time then we need to have an expiry boolean expiredRequired = claims.getIssuedAt() == null; validateJwtExpiry(claims, clockOffset, expiredRequired); validateJwtNotBefore(claims, clockOffset, false); // If we have no expiry then we must have an issued at boolean issuedAtRequired = claims.getExpiryTime() == null; validateJwtIssuedAt(claims, timeToLive, clockOffset, issuedAtRequired); if (validateAudienceRestriction) { validateJwtAudienceRestriction(claims, PhaseInterceptorChain.getCurrentMessage()); } }
public static void validateTokenClaims(JwtClaims claims, int timeToLive, int clockOffset, boolean validateAudienceRestriction) { // If we have no issued time then we need to have an expiry boolean expiredRequired = claims.getIssuedAt() == null; validateJwtExpiry(claims, clockOffset, expiredRequired); validateJwtNotBefore(claims, clockOffset, false); // If we have no expiry then we must have an issued at boolean issuedAtRequired = claims.getExpiryTime() == null; validateJwtIssuedAt(claims, timeToLive, clockOffset, issuedAtRequired); if (validateAudienceRestriction) { validateJwtAudienceRestriction(claims, PhaseInterceptorChain.getCurrentMessage()); } }
if (claims.getIssuedAt() > 0) { response.setCreated(Instant.ofEpochMilli(claims.getIssuedAt() * 1000L));
if (claims.getIssuedAt() > 0) { response.setCreated(Instant.ofEpochMilli(claims.getIssuedAt() * 1000L));
atv.setClientId(clientId); if (claims.getIssuedAt() != null) { atv.setTokenIssuedAt(claims.getIssuedAt()); } else { Instant now = Instant.now();
atv.setClientId(clientId); if (claims.getIssuedAt() != null) { atv.setTokenIssuedAt(claims.getIssuedAt()); } else { Instant now = Instant.now();
Client c = clientProvider.getClient(clientId); long issuedAt = claims.getIssuedAt(); long lifetime = claims.getExpiryTime() - issuedAt; BearerAccessToken at = new BearerAccessToken(c, jose, lifetime, issuedAt);
Client c = clientProvider.getClient(clientId); long issuedAt = claims.getIssuedAt(); long lifetime = claims.getExpiryTime() - issuedAt; BearerAccessToken at = new BearerAccessToken(c, jose, lifetime, issuedAt);
validateClaimsAlways || strictTimeValidation && claims.getIssuedAt() == null; try { JwtUtils.validateJwtExpiry(claims, getClockOffset(), expiredRequired);
validateClaimsAlways || strictTimeValidation && claims.getIssuedAt() == null; try { JwtUtils.validateJwtExpiry(claims, getClockOffset(), expiredRequired);