ai-cfia / membrane-backend

Membrane Backend: A centralized authentication service for Single Sign-On (SSO) enabling seamless token-based email verification across multiple client applications.
MIT License

JWT tokens with expired timestamps still being accepted #16

Closed CFIALeronB closed 1 year ago

CFIALeronB commented 1 year ago

Description:

The application currently accepts JWT tokens even if their timestamps indicate they have expired. This poses a security risk and should be fixed immediately. Moreover, the original JWT encoding with the expiration_time is not functioning as intended.

Steps to Reproduce:

  1. Generate a JWT token with an expired timestamp.
  2. Use this token to access a protected endpoint.
  3. Notice that the application still grants access.

Expected Result: The application should reject the token and prevent access.

Actual Result: The application accepts the token and grants access.