Closed benjaminmordaunt closed 3 years ago
The exp claim is not optional (it cannot be zero), as the current code base stands. ExpiresAt is marked as omitempty here: https://github.com/dgrijalva/jwt-go/blob/dc14462fd58732591c7fa58cc8496d6824316a82/claims.go#L20
exp
ExpiresAt
omitempty
... but then during the Validation steps, it directly accesses c.ExpiresAt without a check! https://github.com/dgrijalva/jwt-go/blob/dc14462fd58732591c7fa58cc8496d6824316a82/claims.go#L39
c.ExpiresAt
This causes a panic when ExpiresAt is 0.
See #460
benjaminmordaunt
commented
3 years ago benjaminmordaunt
commented
3 years ago
The
expclaim is not optional (it cannot be zero), as the current code base stands.ExpiresAtis marked asomitemptyhere: https://github.com/dgrijalva/jwt-go/blob/dc14462fd58732591c7fa58cc8496d6824316a82/claims.go#L20... but then during the Validation steps, it directly accesses
c.ExpiresAtwithout a check! https://github.com/dgrijalva/jwt-go/blob/dc14462fd58732591c7fa58cc8496d6824316a82/claims.go#L39This causes a panic when
ExpiresAtis 0.