Closed SailReal closed 1 year ago
Before, the leeway calculation was in the client; now it is on the server side. Furthermore, when the IAT was in the future, it failed before. Now the client provides only an IAT and we allow it to be in the future.
https://github.com/cryptomator/hub/blob/4aeaf04d19ad4841ff761defe92874c9711ff541/backend/src/main/java/org/cryptomator/hub/filters/VaultAdminOnlyFilterProvider.java#L78-L81
is required because if we use `.acceptIssuedAt(REQUEST_LEEWAY_IN_SECONDS)` the token is valid forever. That is why we need to validate it ourselves.
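
The difference described above, as an added example that is not part of the pull request or the Cryptomator Hub code base: a leeway check that only rejects a future `iat` accepts an arbitrarily old token, while a two-sided window around the server's clock does not. The class name, method names, the 15-second leeway and the sample timestamps are assumptions made for illustration.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.ZoneOffset;
import java.util.LinkedHashMap;
import java.util.Map;

public class IatWindowDemo {
    // Assumed value for illustration; the page does not state the project's constant.
    static final Duration LEEWAY = Duration.ofSeconds(15);

    // One-sided check: only rejects an iat that lies too far in the future.
    // Models the behaviour the description attributes to a leeway-only iat check.
    static boolean notIssuedInFuture(Instant iat, Clock clock) {
        return !iat.isAfter(clock.instant().plus(LEEWAY));
    }

    // Two-sided check: iat must fall within [now - leeway, now + leeway],
    // so a token without exp is rejected once it is older than the leeway.
    static boolean issuedWithinWindow(Instant iat, Clock clock) {
        Instant now = clock.instant();
        return !iat.isAfter(now.plus(LEEWAY)) && !iat.isBefore(now.minus(LEEWAY));
    }

    public static void main(String[] args) {
        // Fixed clock so the output is reproducible.
        Clock clock = Clock.fixed(Instant.parse("2024-01-01T12:00:00Z"), ZoneOffset.UTC);
        Instant now = clock.instant();

        // Constructed sample iat values.
        Map<String, Instant> samples = new LinkedHashMap<>();
        samples.put("fresh", now.minusSeconds(2));
        samples.put("client clock 10s ahead", now.plusSeconds(10));
        samples.put("60s in the future", now.plusSeconds(60));
        samples.put("one year old", now.minus(Duration.ofDays(365)));

        samples.forEach((label, iat) -> System.out.printf(
                "%-24s one-sided=%-5b windowed=%b%n",
                label, notIssuedInFuture(iat, clock), issuedWithinWindow(iat, clock)));
    }
}
```

Only the "one year old" sample separates the two checks: the one-sided check accepts it and the windowed check rejects it.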