jumbojett / OpenID-Connect-PHP

Minimalist OpenID Connect client
https://github.com/jumbojett/OpenID-Connect-PHP
Apache License 2.0
612 stars 366 forks

Unable to verify JWT claims #298

Open kudamhazo opened 2 years ago

kudamhazo commented 2 years ago

There is a bit of an issue with the validation of datetime claims (exp, iat, nbf, etc.). The library is checking if they are integers, which is not correct. It should check if they are numeric (maybe the is_numeric(...) method) instead, because the RFC ref for JWT does not restrict those claims to integers. I am experiencing some challenges because of this issue. The OpenID server I am using returns claims with a format like this:

{
  "iat": 1648944303.697052,
  "exp": 1680480303.583767
}

Hope this can be updated some time. Here is the code reference to where the issue is: https://github.com/jumbojett/OpenID-Connect-PHP/blob/4ac6b24ad4a011017ebea0fbad6aa5be4457cc9a/src/OpenIDConnectClient.php#L1072-L1073

kudamhazo commented 2 years ago

I can take a stab at a PR if you think this is worth fixing 🙂
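
A sketch of the time-claim check the first comment asks for, added here as an illustration; it is not code from OpenID-Connect-PHP or from the issue author. The function names, the fixed clock and the 300-second leeway are assumptions, and it uses type checks rather than is_numeric(...) so that numeric strings are rejected while integer and fractional JSON numbers both pass.

```php
<?php
declare(strict_types=1);

// Added example; names and the leeway default are hypothetical.
// RFC 7519 NumericDate: a JSON number of seconds since the epoch,
// which may carry a fractional part.
function isNumericDate($value): bool
{
    // json_decode yields int or float for JSON numbers. Strings, booleans
    // and null are refused, as are INF (e.g. from 1e999) and negatives.
    return (is_int($value) || is_float($value))
        && is_finite((float) $value)
        && $value >= 0;
}

function checkTimeClaims(object $claims, float $now, int $leeway = 300): array
{
    $errors = [];
    foreach (['exp', 'nbf', 'iat'] as $name) {
        // property_exists (not isset) so an explicit null is also rejected.
        if (property_exists($claims, $name) && !isNumericDate($claims->$name)) {
            $errors[] = "$name is not a NumericDate";
        }
    }
    if ($errors) {
        return $errors; // malformed claims fail closed, no time comparison
    }
    if (property_exists($claims, 'exp') && $claims->exp < $now - $leeway) {
        $errors[] = 'token expired';
    }
    if (property_exists($claims, 'nbf') && $claims->nbf > $now + $leeway) {
        $errors[] = 'token not yet valid';
    }
    return $errors;
}

// Constructed sample payloads; the first uses the values quoted in the issue.
$now = 1648944400.0; // fixed clock so the run is reproducible
$samples = [
    'fractional' => '{"iat": 1648944303.697052, "exp": 1680480303.583767}',
    'integer'    => '{"iat": 1648944303, "exp": 1680480303}',
    'string exp' => '{"iat": 1648944303, "exp": "1680480303"}',
    'expired'    => '{"iat": 1600000000.5, "exp": 1600003600.5}',
];
foreach ($samples as $label => $json) {
    $errors = checkTimeClaims(json_decode($json), $now);
    printf("%-11s %s\n", $label, $errors ? implode('; ', $errors) : 'ok');
}
```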