New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Invalid dates in JWT #1430
Comments
I see thephpleague/oauth2-server#1198 which isn't tagged yet atm. @billriess do the changes of that PR solve the issue for you? |
We already addressed that in lcobucci/jwt#706 and lcobucci/jwt#710 updating to the latest 4.x patches should solve the problem. Also, 4.1 introduces the formatter that always use integers - it's not the default, so, users need to configure it |
Just to explain things better, time fractions are OK in jwt land. Our mistake was to represent them in strings - to not have precision issues when casting things to string (required to recreate the DateTimeImmutable object). We've found an alternative to the casting that solves the issue and allows us to use floats - solving compatibility issues with other libs. |
Thanks @lcobucci. @billriess can you update to the latest JWT version to see if that fixes the issue? |
Odd, I had 4.1.2 already but after updating to 4.1.4 it seems to be good now. Going to close this. |
Even when they are floats, in our experience talking to about 2 dozen external systems using JWTs, pretty much all of them fail on float dates (so incompatible with Laravel Passport). For those that are stuck in the integer world, my laravel-claims package also has support for custom formatters so you can just format them to ints. https://github.com/corbosman/laravel-passport-claims |
Description:
When validating the token issued from
oauth/login
theiat
,nbf
, andexp
fields are coming back in an invalid date format that includes decimals.Steps To Reproduce:
Create a token, validate it against something like https://jwt.io/
This is breaking in some of our apps because they are attempting to validate the JWT, the workaround, for now, is to disable validation. I believe this was introduced in Passport 10 or 10.1 but not certain.
Another person had similar issues on stack overflow: https://stackoverflow.com/questions/65129092/laravel-passport-chanage-type-of-exp-iat-and-nbf-to-int-or-float
The text was updated successfully, but these errors were encountered: