jwt-cpp: validating issued_at always returns token expired?

if (jwt.has_issued_at()) {
	auto leeway = claims.count("iat") == 1 ? std::chrono::system_clock::to_time_t(claims.at("iat").as_date()) : default_leeway;
	auto iat = jwt.get_issued_at();
	if (time < iat - std::chrono::seconds(leeway))
		throw token_verification_exception("token expired");
}

leeway = 0, so time < iat! Who else got this?

About this issue

  • State: closed
  • Created 5 years ago
  • Comments: 15 (9 by maintainers)

Most upvoted comments

@mdy405 I cleaned your code a bit and added a static time.

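#include <chrono>
#include <ctime>
#include <iomanip>
#include <iostream>
#include <sstream>
#include <string>
#include <jwt-cpp/jwt.h>

int main() {
	// Fixed timestamp so the generated token is reproducible.
	std::string now = "2019-04-08T21:35:21Z";
	std::tm tm = {};
	std::istringstream iss(now);
	iss >> std::get_time(&tm, "%Y-%m-%dT%H:%M:%SZ");
	// std::mktime interprets tm as local time.
	auto tp = std::chrono::system_clock::from_time_t(std::mktime(&tm));
	auto expiresAt = tp + std::chrono::minutes(60);
	auto token = jwt::create()
			.set_issuer("licence")
			.set_expires_at(jwt::date(expiresAt))
			.set_issued_at(jwt::date(tp))
			.set_type("JWS")
			.sign(jwt::algorithm::hs256{"secret"});
	std::cout << token << std::endl;
}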

Maybe you mixed up set_expires_at and set_issued_at?

It is generating a valid token and the issue is not present there. Are you sure the code you posted is the code you use to generate the token? Are you using the current version (master branch 2b3ddae; I did not fix anything related to time as far as I know, but just to make sure)?

You can check your token here: https://jwt.io/. The number on the right side on iat should be less than the number on exp, and iat should be less than the current unix time (https://www.unixtimestamp.com/index.php).
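
The manual check suggested in the comment above (iat below exp, iat not after the verifier's clock, with a leeway), written out as an added example in standalone C++; it is not jwt-cpp code and not from the thread. The names b64url_decode, numeric_claim and check_times and the sample token are constructed for illustration, and the signature is not verified.

```cpp
#include <iostream>
#include <string>

// Decode base64url (padding optional); returns "" on an invalid character.
std::string b64url_decode(const std::string& in) {
    static const std::string abc =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
    std::string out;
    unsigned buf = 0, bits = 0;
    for (char c : in) {
        if (c == '=') break;
        auto pos = abc.find(c);
        if (pos == std::string::npos) return "";
        buf = (buf << 6) | static_cast<unsigned>(pos);
        bits += 6;
        if (bits >= 8) { bits -= 8; out.push_back(static_cast<char>((buf >> bits) & 0xFF)); }
    }
    return out;
}

// Read an integer claim from a flat payload; -1 if absent. A scan, not a JSON parser.
long long numeric_claim(const std::string& token, const std::string& name) {
    auto a = token.find('.');
    auto b = (a == std::string::npos) ? a : token.find('.', a + 1);
    if (b == std::string::npos) return -1;
    std::string json = b64url_decode(token.substr(a + 1, b - a - 1));
    auto k = json.find("\"" + name + "\":");
    if (k == std::string::npos) return -1;
    try { return std::stoll(json.substr(k + name.size() + 3)); } catch (...) { return -1; }
}

// iat must be before exp, and the clock must not be earlier than iat - leeway.
std::string check_times(long long iat, long long exp, long long now, long long leeway) {
    if (iat < 0 || exp < 0) return "missing iat or exp";
    if (iat >= exp) return "iat is not before exp (claims swapped?)";
    if (now < iat - leeway) return "iat is in the future for this clock";
    if (now > exp + leeway) return "expired";
    return "ok";
}

// Constructed sample: payload {"iat":1554759321,"exp":1554762921}, dummy signature.
const std::string SAMPLE_TOKEN =
    "eyJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1NTQ3NTkzMjEsImV4cCI6MTU1NDc2MjkyMX0.sig";

int main() {
    long long iat = numeric_claim(SAMPLE_TOKEN, "iat"), exp = numeric_claim(SAMPLE_TOKEN, "exp");
    std::cout << check_times(iat, exp, iat + 60, 0) << "\n";  // clock after iat
    std::cout << check_times(iat, exp, iat - 5, 0) << "\n";   // clock 5 s behind issuer
}
```

With a leeway of 0, a verifier clock only a few seconds behind the issuer is enough to fail the iat comparison.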