apigee / iloveapis2015-jwt-jwe-jws

Apache License 2.0

expired/nbf times are incorrect in parser #2

Closed rwalsh0975 closed 9 years ago

rwalsh0975 commented 9 years ago

In the parser, the "ms" variable is defined as an int, then set by casting the result of t2 - now as an int. However, getTime returns a long, and when you cast it as an int, the value can become negative, therefore rendering the expired/nbf invalid, and therefore tokens could possibly be allowed in after they've expired.

I fixed this by changing both ms and secsRemaining to longs and removing the (int) casting.
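The narrowing described in the report, as an added example (not the repository's code and not posted by anyone in this thread): a millisecond difference between two `Date` values only fits in an `int` up to roughly ±24.8 days, so larger differences wrap and can change sign. The class and method names, the sample timestamps, and the "expired when seconds remaining <= 0" check are assumptions made for illustration; only `ms`, `secsRemaining`, `t2`, `now` and `getTime` come from the report.

```java
import java.util.Date;

public class ExpiryCastDemo {

    // Pattern described in the report: the long difference is narrowed to int.
    static int secsRemainingNarrowed(Date t2, Date now) {
        int ms = (int) (t2.getTime() - now.getTime()); // keeps only the low 32 bits
        int secsRemaining = ms / 1000;
        return secsRemaining;
    }

    // Fix described in the report: both values are long and there is no cast.
    static long secsRemainingWide(Date t2, Date now) {
        long ms = t2.getTime() - now.getTime();
        long secsRemaining = ms / 1000;
        return secsRemaining;
    }

    // Assumed policy for this demo: a token is expired when no time remains.
    static boolean isExpired(long secsRemaining) {
        return secsRemaining <= 0;
    }

    public static void main(String[] args) {
        Date now = new Date(1_700_000_000_000L);   // constructed "current time"
        long hour = 3_600_000L;
        long day = 24 * hour;

        // Constructed expiry offsets relative to "now", in milliseconds.
        long[] offsetsMs = { hour, -hour, 30 * day, -30 * day };

        for (long offset : offsetsMs) {
            Date exp = new Date(now.getTime() + offset);
            int narrowed = secsRemainingNarrowed(exp, now);
            long wide = secsRemainingWide(exp, now);
            System.out.printf(
                "exp-now=%d ms | int: %d s, expired=%b | long: %d s, expired=%b%n",
                offset, narrowed, isExpired(narrowed), wide, isExpired(wide));
        }
    }
}
```

For the one-hour offsets both versions agree; for the 30-day offsets the `int` version reports the opposite sign, so a token that expired 30 days ago appears to have time remaining and a token valid for another 30 days appears expired.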

dzuluaga commented 9 years ago

@rwalsh0975 since we're leveraging the community for helping others as well, please ask this question on http://community.apigee.com

@DinoChiesa and @vinit4u16 any clue here?

DinoChiesa commented 9 years ago

@rwalsh0975 - thanks, fixed.