Closed bvanloocke closed 3 weeks ago
@bvanloocke Although the auth_time
claim is added as a java.util.Date
and exp
, iat
and nbf
claims are added as java.time.Instant
, the claims are converted to java.util.Date
before the ID Token is serialized.
I don't see any issues at this point. Is there a specific bug that you are seeing that you can reproduce?
If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.
Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.
Describe the bug There is a discrepancy in the ID-token: according to org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder#authTime the type of the AUTH_TIME claim should be Instant.
but according to org/springframework/security/oauth2/server/authorization/token/JwtGenerator.java:140
a java.util. Date is used.
Expected behavior There should be 1 type. In tokens normally java.time.Instants are used (issuedAt, expiresAt,..)