DefaultJWTClaimsVerifier compares GMT to local time
Issue #482
new
Time in JWT-Token like exp and iat are stored as GMT. The class DefaultJWTClaimsVerifier compares exp to java.util.Date, this is however local time and not GMT (depending on server configuration).
The method:
protected Date currentTime() {
return new Date();
}
should ensure that returned date is in GMT, for example:
protected Date currentTime() {
Calendar time = Calendar.getInstance();
time.add(Calendar.MILLISECOND, -time.getTimeZone().getOffset(time.getTimeInMillis()));
return time.getTime();
}
