  1. OpenAM
  2. OPENAM-12625

JWT OIDC Token can't be valid for over 86400 seconds

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 5.5.1
    • Fix Version/s: 6.5.0, 6.0.1
    • Component/s: oauth2
    • Environment:
      AM 5.5.1 with OpenID Connect OIDC

      Description

      Bug description

      Set the JWT Lifetime to above 86400 seconds and then try to validate a token; this fails with an exception. Maybe it is expected for a JWT to not last over 24 hours.

      How to reproduce the issue

      1. Requesting oauth2+oidc token with user credentials grant flow
      2. Try to validate the oidc token at idtokeninfo (fails; see exception in oauth2provider log)
      3. Waited 30 seconds (JWT lifetime was set to 86430, so after 30 seconds the token is only valid for less than 24 hours). Validation was successful

      Expected behaviour

      That token would be valid, as it's valid once its life is less than 24 hours

      Current behaviour

      Token fails to validate when Lifetime is greater than 24 hours

      Work around

      Set token lifetime to less than 24 hours

      Code analysis

      There are references to browser JWT being limited by design, and many of the test cases in the code put jwt_token_lifetime=86400.
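
A triage helper for the behaviour reported above, added here as an example and not taken from OpenAM or from the reporter: it reads the `exp` claim of an ID token and reports how long the token must age before its remaining lifetime drops to 86400 seconds. The function names and the sample token are hypothetical and constructed; treating exactly 86400 seconds as accepted is an assumption based on the issue title.

```python
import base64
import json

# Threshold from the report: validation failed while more than 86400 s remained.
# Assumption: exactly 86400 s remaining is accepted (the title says "over 86400").
MAX_REMAINING_SECONDS = 86400


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    """Payload claims of a compact JWS, signature NOT verified (triage only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated segments)")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def seconds_until_validatable(token: str, now: int) -> int:
    """0 if exp - now is already within the 24-hour window (or past),
    otherwise the number of seconds to wait until it is."""
    exp = jwt_claims(token).get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        raise ValueError("token has no numeric exp claim")
    return max(0, int(exp) - now - MAX_REMAINING_SECONDS)


def _b64url(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample: issued at ISSUED_AT with the 86430 s lifetime from the report.
ISSUED_AT = 1_700_000_000
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"sub": "demo", "iat": ISSUED_AT, "exp": ISSUED_AT + 86430}),
    "c2lnbmF0dXJl",  # placeholder bytes, not a real signature
])
```

With the constructed token, the helper returns 30 at issue time and 0 from 30 seconds later, matching step 3 of the reproduction.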

              People

              • Assignee: Jaco Jooste (jaco.jooste)
              • Reporter: William Hepler (william.hepler)