Closed Prosperoh closed 2 years ago
Well the spec is certainly confusing. Sounds like a bug.
What would expect the behavior to be? I had a few idea pop up but given I've never needed this I hope you don't mind sharing some user insights
For my own use, and I assume in most cases rounding to the closest second is good enough. I have made a PR with this change.
Merged to master.
Thanks so much for contributing !
What happened?
While verifiying a JWT that has a non-integer value for the "nbf" claim, a std::bad_cast exception was thrown. I am using the picojson trait but it should fail on any trait that throws an exception while trying to cast a decimal value to an integer value.
This is caused by assuming that the "nbf" and other date claims are integers:
date as_date() const { return std::chrono::system_clock::from_time_t(as_int()); }
though the standard explicitly allows decimal values (https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.5):
And earlier, defining NumericDate:
A course of action could be to rework
as_date(...)
to interpret decimal values as well. Though it is not clear how they should be rounded.PS: Running on Windows using Mingw64.
How To Reproduce?
Decode a JWT token with a date claim (such as "nbf") that has a decimal value and verify it.
Version
0.6.0
What OS are you seeing the problem on?
Windows
What compiler are you seeing the problem on?
Other (please let us know if the "What happened" box)
Relevant log output
No response
Code of Conduct