Styria-Digital / django-rest-framework-jwt

JSON Web Token Authentication support for Django REST Framework
https://styria-digital.github.io/django-rest-framework-jwt/
MIT License

Bugfix: Ensure blacklist expires_at is set in a fully UTC context #115

Open jgruppuso opened 1 year ago

jgruppuso commented 1 year ago

This was found in a context where UTC was not the Django timezone, but rather Asia/Tokyo. I have added a test which replicates the issue.

Before:

(Pdb) iat
1685329261
(Pdb) expires_at_unix_time
1685331061.0
(Pdb) datetime.utcfromtimestamp(iat)
datetime.datetime(2023, 5, 29, 3, 1, 1)
(Pdb) datetime.utcfromtimestamp(expires_at_unix_time)
datetime.datetime(2023, 5, 29, 3, 31, 1)
(Pdb) make_aware(datetime.utcfromtimestamp(expires_at_unix_time))
datetime.datetime(2023, 5, 29, 3, 31, 1, tzinfo=zoneinfo.ZoneInfo(key='Asia/Tokyo'))

iat (UTC)
expires_at_unix_time = iat + 30mins (UTC)
expires_at = iat + 30mins (Asia/Tokyo) → this means the token is created already expired!

After:

(Pdb) iat
1685335304
(Pdb) expires_at_unix_time
1685940104.0
(Pdb) datetime.datetime.utcfromtimestamp(iat)
datetime.datetime(2023, 5, 29, 4, 41, 44)
(Pdb) datetime.datetime.utcfromtimestamp(expires_at_unix_time)
datetime.datetime(2023, 5, 29, 5, 11, 44)
(Pdb) make_aware(datetime.datetime.utcfromtimestamp(expires_at_unix_time),timezone=datetime.timezone.utc)
datetime.datetime(2023, 5, 29, 5, 11, 44, tzinfo=datetime.timezone.utc)

iat (UTC)
expires_at_unix_time = iat + 30mins (UTC)
expires_at = iat + 30mins (UTC)
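The before/after conversion walked through in the description, as an added example that is not code from this PR or from the django-rest-framework-jwt project: it recomputes expires_at for the iat quoted above the old way (make_aware with the current time zone) and the fixed way (make_aware with UTC), then runs the blacklist-style "is it expired" comparison on both. The minimal make_aware stand-in, the 30-minute expiry and the fixed UTC+9 fallback used when no tzdata is installed are assumptions.

```python
# Added example (not project code): reproduce the expires_at time zone bug and its fix.
from datetime import datetime, timedelta, timezone
from zoneinfo import ZoneInfo, ZoneInfoNotFoundError

EXPIRATION = timedelta(minutes=30)  # assumption: the 30-minute lifetime seen in the pdb output


def make_aware(value: datetime, tz) -> datetime:
    """Stand-in for django.utils.timezone.make_aware: attach tzinfo, keep the wall clock."""
    if value.tzinfo is not None:
        raise ValueError("make_aware expects a naive datetime")
    return value.replace(tzinfo=tz)


def load_tz(name: str):
    """ZoneInfo when tzdata is available; otherwise a fixed UTC+9 stand-in for Asia/Tokyo."""
    try:
        return ZoneInfo(name)
    except ZoneInfoNotFoundError:
        return timezone(timedelta(hours=9), name)


def expires_at_buggy(iat: int, current_tz) -> datetime:
    """Before: a naive UTC wall clock is labelled with the *current* Django time zone."""
    naive_utc = datetime.utcfromtimestamp(iat + EXPIRATION.total_seconds())
    return make_aware(naive_utc, current_tz)  # 03:31 UTC becomes 03:31 Asia/Tokyo = 18:31 UTC


def expires_at_fixed(iat: int) -> datetime:
    """After: the same naive UTC wall clock is explicitly labelled UTC."""
    naive_utc = datetime.utcfromtimestamp(iat + EXPIRATION.total_seconds())
    return make_aware(naive_utc, timezone.utc)


def is_expired(expires_at: datetime, now: datetime) -> bool:
    """Blacklist-style check; both values are aware, so the UTC offsets are honoured."""
    return expires_at <= now


def demo(iat: int = 1685329261, tz_name: str = "Asia/Tokyo") -> dict:
    """Compare both computations for the iat from the PR (2023-05-29 03:01:01 UTC)."""
    now = datetime.fromtimestamp(iat, tz=timezone.utc)  # the instant the token is issued
    buggy = expires_at_buggy(iat, load_tz(tz_name))
    fixed = expires_at_fixed(iat)
    return {
        "buggy_expires_at_utc": buggy.astimezone(timezone.utc),
        "buggy_expired_at_issue": is_expired(buggy, now),  # True: expired 8.5 h before issue
        "fixed_expires_at_utc": fixed.astimezone(timezone.utc),
        "fixed_expired_at_issue": is_expired(fixed, now),  # False: expires 30 min after issue
        "skew": fixed - buggy,  # the full UTC offset of the configured zone (9 h for Tokyo)
    }
```

The skew equals the configured zone's UTC offset, so any non-UTC TIME_ZONE east of Greenwich with an offset larger than the token lifetime produces tokens that are already expired when blacklisted.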