use JWT timestamp to validate claims

TheNetworg / oauth2-azure

Azure AD provider for the OAuth 2.0 Client.

https://packagist.org/packages/thenetworg/oauth2-azure

MIT License

229 stars 108 forks source link

use JWT timestamp to validate claims #181

Open lutangar opened 1 year ago

lutangar commented 1 year ago

This allows better testability.

This feature is better described in the JWT class :

Allow the current timestamp to be specified. Useful for fixing a value within unit testing. https://github.com/firebase/php-jwt/blob/3b454f90f147db65a615041dec6661f427d6cb00/src/JWT.php#L43-L50

lutangar commented 1 year ago

Didn't notice at first but #178 is related. I could implement the JWT::$leeway in this one if interested.

elernonelma commented 1 year ago

Yes make sens 👍

lutangar commented 1 year ago

Added JWT::$leeway usage in 2b563b8, as seen in #178

This allows time manipulation for testing purpose. See JWTTest.php#L79-L90 for a usecase.

lutangar commented 7 months ago

Ping @hajekj