Skip to content

ID Token validation should use JwtTimestampValidator #6964

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jgrandja opened this issue Jun 6, 2019 · 1 comment
Closed

ID Token validation should use JwtTimestampValidator #6964

jgrandja opened this issue Jun 6, 2019 · 1 comment
Assignees
@jgrandja
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: bug A general bug
Milestone
5.2.0.M3

Comments

@jgrandja
Copy link
Contributor

jgrandja commented Jun 6, 2019

OidcIdTokenDecoderFactory and ReactiveOidcIdTokenDecoderFactory use OidcIdTokenValidator for validating the ID Token. It should also use JwtTimestampValidator during the validation process.
@jgrandja jgrandja added in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement labels Jun 6, 2019
@jgrandja jgrandja added this to the 5.2.0.M3 milestone Jun 6, 2019
@jgrandja jgrandja self-assigned this Jun 11, 2019
@jgrandja jgrandja added type: bug A general bug and removed type: enhancement A general enhancement labels Jun 11, 2019
@jgrandja
Copy link
Contributor Author

@bdemers This is now in master.

kostya05983 pushed a commit to kostya05983/spring-security that referenced this issue Aug 26, 2019
@jgrandja @kostya05983
ID Token validation uses JwtTimestampValidator
f34d246 
Fixes spring-projectsgh-6964
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jgrandja jgrandja

Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: bug A general bug
Projects
None yet
Milestone
5.2.0.M3
Development

No branches or pull requests
1 participant
@jgrandja