Membrane Backend: A centralized authentication service for Single Sign-On (SSO) enabling seamless token-based email verification across multiple client applications.
MIT License
JWT tokens with expired timestamps still being accepted #16
The application currently accepts JWT tokens even if their timestamps indicate they have expired. This poses a security risk and should be fixed immediately. Moreover, the original JWT encoding with the expiration_time is not functioning as intended.
Steps to Reproduce:
1. Generate a JWT token with an expired timestamp.
2. Use this token to access a protected endpoint.
3. Notice that the application still grants access.
Expected Result:
The application should reject the token and prevent access.
Actual Result:
The application accepts the token and grants access.
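As an added example (not code from the Membrane Backend repository, whose JWT library is not stated here), a minimal HS256 encoder and verifier in Python showing the two things this issue asks for: `exp` written as an integer NumericDate (seconds since the epoch, RFC 7519 section 4.1.4) and a verifier that rejects the token once the current time reaches it. The function names, the secret and the sample claims are assumptions.

```python
import base64, hashlib, hmac, json, time

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_payload(payload: dict, secret: bytes) -> str:
    """HS256-sign an arbitrary payload dict (used by encode_jwt and by tests)."""
    header = {"alg": "HS256", "typ": "JWT"}
    compact = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{compact(header)}.{compact(payload)}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"

def encode_jwt(claims: dict, secret: bytes, ttl_seconds: int, now=None) -> str:
    """Issue a token whose exp is an integer NumericDate, not a datetime string."""
    issued = int(now if now is not None else time.time())
    return sign_payload(dict(claims, iat=issued, exp=issued + ttl_seconds), secret)

def verify_jwt(token: str, secret: bytes, now=None, leeway: int = 0) -> dict:
    """Return the claims if signature and expiry are valid; raise ValueError otherwise."""
    try:
        h, p, s = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    # Pin the algorithm: never let the token choose how it is verified.
    if json.loads(_b64url_decode(h)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p))
    exp = claims.get("exp")
    # A missing exp, or an exp stored as a string (a common cause of "expiry not
    # functioning"), must fail closed rather than be skipped.
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        raise ValueError("exp missing or not a NumericDate")
    current = now if now is not None else time.time()
    if current >= exp + leeway:  # RFC 7519: current time MUST be before exp
        raise ValueError("token expired")
    return claims

if __name__ == "__main__":
    key = b"constructed-demo-secret"  # assumption: demo key only
    tok = encode_jwt({"sub": "user@example.com"}, key, ttl_seconds=60, now=1_700_000_000)
    print(verify_jwt(tok, key, now=1_700_000_030)["sub"])
    try:
        verify_jwt(tok, key, now=1_700_000_060)
    except ValueError as err:
        print("rejected:", err)
```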