Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The exp claim should always appear in the JWT #648

Closed
federicaagostini opened this issue Sep 6, 2023 · 2 comments
Closed

The exp claim should always appear in the JWT #648

federicaagostini opened this issue Sep 6, 2023 · 2 comments

Comments

@federicaagostini
Copy link
Contributor

According with RFC 9068, the exp claim of the JWT (indicating the expiration time) should appear in the token.

In IAM, when one sets the access token lifetime as infinite (value equal to 0) the exp claim does not appear in the AT.

We should not allow users to set an infinite lifetime of the token. Suggestion on the max lifetime one can set for an AT is commented here.
federicaagostini added a commit that referenced this issue Sep 7, 2023
@federicaagostini
Bump to MitreID version 1.3.6.cnaf-20230907
acb14fb 
which fixes issue-648: #648
@federicaagostini
Copy link
Contributor Author

Solved in MitreID, with commit 0c64dc6.

@giacomini
Copy link
Contributor

Just for the record, the exp claim must appear in the token.

@enricovianello enricovianello mentioned this issue Sep 14, 2023
Merged
enricovianello pushed a commit that referenced this issue Sep 14, 2023
@federicaagostini
Fix management of tokens lifetime following RFC9068 (#620)
3749a72 
The Access Token and Refresh Token lifetimes are configurable by admins via web interface. #545
The exp claim will always appear into access tokens (following RFC9068). This fix is included since mitreId version 1.3.6.cnaf-20230914.  #648
@federicaagostini federicaagostini mentioned this issue Sep 20, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@giacomini @federicaagostini