Wrong handling of 0 in expires_at

lepture / authlib

The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS,JWE,JWK,JWA,JWT included.

https://authlib.org/

BSD 3-Clause "New" or "Revised" License

4.49k stars 448 forks source link

Wrong handling of 0 in expires_at #530

Open NomAnor opened 1 year ago

NomAnor commented 1 year ago

If the expires_at timestamp in a token is 0 the is_expired() function erroneously returns None instead of True. The check should explicitly check for None.

https://github.com/lepture/authlib/blob/ee4337cf7c825349dd23870822a3cc7df123097f/authlib/oauth2/rfc6749/wrappers.py#L13-L17