AzureAD / microsoft-authentication-library-for-js

Microsoft Authentication Library (MSAL) for JS
http://aka.ms/aadv2
MIT License

[Bug] Fix Date-Time Parsing in Token Expiration Calculation for Multiple Formats #7393

Open gladjohn opened 1 month ago

gladjohn commented 1 month ago

Core Library

MSAL.js (@azure/msal-node)

Core Library Version

latest

Public or Confidential Client?

Confidential

Description

The method responsible for calculating token expiration (expires_on) in MSAL (Managed Identity) is not handling various date-time formats correctly. This leads to errors or incorrect results when processing expiration times in different formats provided by the Managed Identity service.

More info: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4963

Error Message

No response

MSAL Logs

No response

Network Trace (Preferably Fiddler)

MSAL Configuration

Added parsing logic for Unix timestamps, ISO 8601

Relevant Code Snippets

Added parsing logic for Unix timestamps, ISO 8601

Reproduction Steps

Added parsing logic for Unix timestamps, ISO 8601

Expected Behavior

Added parsing logic for Unix timestamps, ISO 8601

Identity Provider

Entra ID (formerly Azure AD) / MSA

Browsers Affected (Select all that apply)

None (Server)

Regression

No response

github-actions[bot] commented 1 month ago

Invalid Issue Template: Please update the original issue and make sure to fill out the entire issue template so we can better assist you.

Robbie-Microsoft commented 1 month ago

Right now, expiresOn is received from the MI as a Unix Timestamp number. I can add functionality to check if expiresOn is a string, and if it is, that means it's in ISO 8601 format and it'll be converted to a Unix timestamp.

@gladjohn Before I add this functionality, I need your assurance that if expiresOn is not received as a unix timestamp number, then it'll be received as a string ISO 8601. It'll be either/or, and will never be a string Unix Timestamp. Can you confirm this?

gladjohn commented 1 month ago

> Right now, expiresOn is received from the MI as a Unix Timestamp number. I can add functionality to check if expiresOn is a string, and if it is, that means it's in ISO 8601 format and it'll be converted to a Unix timestamp.
>
> @gladjohn Before I add this functionality, I need your assurance that if expiresOn is not received as a unix timestamp number, then it'll be received as a string ISO 8601. It'll be either/or, and will never be a string Unix Timestamp. Can you confirm this?

Take a look at the fix here: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/ac1cb0522a011e0a6e0802a2535bf03cfd8d9fab/src/client/Microsoft.Identity.Client/Utils/DateTimeHelpers.cs#L77
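The format question raised in this thread, as an added example (not code from MSAL.js, the .NET fix, or any commenter): one way to normalize `expires_on` to Unix seconds whether it arrives as a number, a digit string, or an ISO 8601 string, and to reject anything else instead of producing `NaN`. The names `parseExpiresOn` and `isExpired`, the 300-second skew, and the rule that ISO strings must carry a zone designator are assumptions of this sketch.

```javascript
// Added example; parseExpiresOn and isExpired are hypothetical names,
// not MSAL.js APIs. All sample values below are constructed.

// ISO 8601 date-time with an explicit zone; zone-less strings are rejected
// because Date.parse would read them as local time.
const ISO_8601 = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2})$/;

// Returns the expiry as whole Unix seconds, or throws TypeError.
function parseExpiresOn(value) {
  // Unix timestamp as a JSON number.
  if (typeof value === "number") {
    if (!Number.isSafeInteger(Math.trunc(value)) || value < 0) {
      throw new TypeError(`invalid expires_on number: ${value}`);
    }
    return Math.trunc(value);
  }
  if (typeof value !== "string") {
    throw new TypeError(`unsupported expires_on type: ${typeof value}`);
  }
  const text = value.trim();
  // Unix timestamp as a string of digits.
  if (/^\d+$/.test(text) && Number.isSafeInteger(Number(text))) {
    return Number(text);
  }
  // ISO 8601 string; Date.parse returns milliseconds or NaN.
  if (ISO_8601.test(text)) {
    const ms = Date.parse(text);
    if (!Number.isNaN(ms)) return Math.floor(ms / 1000);
  }
  // Fail closed: a NaN expiry compares false against any clock value,
  // so a token carrying it would never look expired.
  throw new TypeError(`unrecognized expires_on: ${JSON.stringify(value)}`);
}

// True when the token is within skewSeconds of expiry at nowSeconds.
function isExpired(expiresOn, nowSeconds, skewSeconds = 300) {
  return parseExpiresOn(expiresOn) - skewSeconds <= nowSeconds;
}

// Constructed inputs that all denote 2024-10-18T00:00:00Z.
const SAMPLES = [1729209600, "1729209600", "2024-10-18T00:00:00Z",
  "2024-10-18T02:00:00+02:00"];
for (const sample of SAMPLES) {
  console.log(JSON.stringify(sample), "->", parseExpiresOn(sample));
}
```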