JWTBearerTokenValidator don't send parameters now and leeway to claim.validate

lepture / authlib

The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS,JWE,JWK,JWA,JWT included.

https://authlib.org/

BSD 3-Clause "New" or "Revised" License

4.39k stars 436 forks source link

JWTBearerTokenValidator don't send parameters now and leeway to claim.validate #609

Open danilovmy opened 6 months ago

danilovmy commented 6 months ago

# authlib\oauth2\rfc7523\validator.py
class JWTBearerTokenValidator:
    def authenticate_token(self, token_string):
        try:
            claims = jwt.decode( ... )
            claims.validate()
            return claims
        except JoseError as error:
           ...

But:

# authlib\jose\rfc7519\claims.py
class JWTClaims(BaseClaims):
    ...
    def validate(self, now=None, leeway=0):
        ...

I see the solution in:

def authenticate_token(self, token_string, now=None, leeway=0):
        ... 
        claims.validate(now, leeway)
        ...

The bug appears in testing phase.