[BUG]: JWT exp not calculated properly

phalcon / cphalcon

High performance, full-stack PHP framework delivered as a C extension.

https://phalcon.io

BSD 3-Clause "New" or "Revised" License

10.78k stars 1.97k forks source link

[BUG]: JWT exp not calculated properly #16166

Closed niden closed 1 year ago

niden commented 1 year ago

The JWT exp claim is not properly calculated

RFC 7519, 4.1.4., The processing of the "exp" claim requires that the current date/time MUST be before the expiration date/time listed in the "exp" claim. So Validator must produce an error if current timestamp is grater than "exp" claim.

niden commented 1 year ago

Resolved in https://github.com/phalcon/cphalcon/pull/16165