SetuHQ / upi-deeplinks-node-sdk

Node package to connect to Setu's UPI Deep Link APIs
https://setuhq.github.io/upi-deeplinks-node-sdk
MIT License

Fix incorrect generation of iat in jwt #9

Closed kudos-admin closed 3 years ago

kudos-admin commented 3 years ago

In src/helpers/auth.js, you have a helper function to generate the iat, which indicates the age of the JWT.

iat: Math.floor(Date.now / 1000),

will always give

 NaN

It should have been

iat: Math.floor(Date.now() / 1000),   //notice the corrected braces after Date.now

Your API in fact seems to only accept an incorrect iat.

When we pass a valid iat on prod, we get the error

Token used before issue

This error and validation did not happen on staging.

nithinkashyapn commented 3 years ago

Hey, we chose to use Date.now as it'll be computed at runtime. A more detailed explanation can be found here.

Date.now does work. PFB the tokens, it does contain the iat property.

> jwt.sign( { aud: "123", iat: Math.floor(Date.now() / 1000), jti: uuid.v4() }, '123' );
'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiIxMjMiLCJpYXQiOjE2MjYyMzkwMzAsImp0aSI6IjliN2QwMWJlLTZhNzUtNDZjMS1iNjU4LTQwZWI2ZjdkMzNlZCJ9.CjMu47eLd_CS695P51zDORK25nPOA_JdD1ON65ia7d0'

> jwt.sign( { aud: "123", iat: Math.floor(Date.now / 1000), jti: uuid.v4() }, '123' );
'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiIxMjMiLCJpYXQiOjE2MjYyMzkwMzQsImp0aSI6IjdiOTU4ZTdhLWQxNTktNDM0YS05YzUwLTUyNmM2NzFlZGU1ZCJ9.VlPydKuZyRusQJQRD-D1Z8qUbAs8gwnK4rMahASpCiI'
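
An added example, not part of the thread or the SDK: it decodes the payload segments of the two tokens posted above, evaluates the `Date.now / 1000` expression on its own, and runs a verifier-side `iat` check. `checkIat` and its leeway parameter are hypothetical, and tying the "Token used before issue" message to an `iat` ahead of the verifier's clock is an assumption about the server. It also assumes `jwt` in the session is the jsonwebtoken package, whose `sign()` substitutes the current time when the supplied `iat` is falsy.

```javascript
// Added example. Payload segments (the middle part of each JWT) are copied
// from the two tokens posted in the reply above.
const PAYLOAD_WITH_CALL =
  "eyJhdWQiOiIxMjMiLCJpYXQiOjE2MjYyMzkwMzAsImp0aSI6IjliN2QwMWJlLTZhNzUtNDZjMS1iNjU4LTQwZWI2ZjdkMzNlZCJ9";
const PAYLOAD_WITHOUT_CALL =
  "eyJhdWQiOiIxMjMiLCJpYXQiOjE2MjYyMzkwMzQsImp0aSI6IjdiOTU4ZTdhLWQxNTktNDM0YS05YzUwLTUyNmM2NzFlZGU1ZCJ9";

// Decode one base64url-encoded JWT segment into an object.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// The expression from the issue: a function divided by 1000 is NaN.
function iatWithoutCall() {
  return Math.floor(Date.now / 1000);
}

// JSON has no NaN, so a claims object serialised as-is would carry iat: null.
// (Assumption: jsonwebtoken's sign() replaces a falsy iat with the current
// time before serialising, which is why the second token still has a number.)
function serialisedIat(iat) {
  return JSON.parse(JSON.stringify({ iat })).iat;
}

// Hypothetical verifier-side check: iat must be an integer number of seconds
// and must not lie ahead of the verifier's clock by more than the leeway.
function checkIat(iat, nowSeconds, leewaySeconds = 0) {
  if (!Number.isInteger(iat)) return "iat is not an integer NumericDate";
  if (iat > nowSeconds + leewaySeconds) return "Token used before issue";
  return null; // accepted
}

console.log(iatWithoutCall(), serialisedIat(iatWithoutCall()));
console.log(decodeSegment(PAYLOAD_WITH_CALL).iat, decodeSegment(PAYLOAD_WITHOUT_CALL).iat);
```
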