DefaultJWTClaimsVerifier compares GMT to local time
Issue #482
new
Times in a JWT token, like exp and iat, are stored as GMT. The class DefaultJWTClaimsVerifier compares exp to java.util.Date; this is, however, local time and not GMT (depending on server configuration).
The method:
    protected Date currentTime() {
        return new Date();
    }
should ensure that the returned date is in GMT, for example:
    protected Date currentTime() {
        Calendar time = Calendar.getInstance();
        time.add(Calendar.MILLISECOND, -time.getTimeZone().getOffset(time.getTimeInMillis()));
        return time.getTime();
    }
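
An added check, not part of the original report and not the library's own code: it evaluates an `exp` value against both `currentTime()` variants from the report under several default time zones, so the epoch value each one returns and the resulting expiry decision can be compared. The class name `ExpClockCheck`, the `isExpired` helper and the sample `exp` are assumptions made for this example.

```java
import java.util.Calendar;
import java.util.Date;
import java.util.TimeZone;

public class ExpClockCheck {

    // currentTime() as in the report's first snippet. java.util.Date holds
    // milliseconds since 1970-01-01T00:00:00Z, whatever the default zone is.
    static Date plainNow() {
        return new Date();
    }

    // currentTime() as in the report's second snippet.
    static Date offsetAdjustedNow() {
        Calendar time = Calendar.getInstance();
        time.add(Calendar.MILLISECOND, -time.getTimeZone().getOffset(time.getTimeInMillis()));
        return time.getTime();
    }

    // Hypothetical helper: "exp" is a NumericDate (seconds since the epoch, UTC);
    // the token is expired unless the current time is before it (RFC 7519).
    static boolean isExpired(long expSeconds, Date now) {
        return !now.before(new Date(expSeconds * 1000L));
    }

    public static void main(String[] args) {
        // Constructed sample: an "exp" that passed 30 minutes ago.
        long exp = System.currentTimeMillis() / 1000L - 30 * 60;
        String[] zones = {"UTC", "Europe/Berlin", "America/New_York", "Asia/Tokyo"};
        TimeZone original = TimeZone.getDefault();
        try {
            for (String zone : zones) {
                TimeZone.setDefault(TimeZone.getTimeZone(zone));
                Date plain = plainNow();
                Date adjusted = offsetAdjustedNow();
                System.out.printf("%-17s plain=%d expired=%b | adjusted=%d expired=%b%n",
                        zone, plain.getTime(), isExpired(exp, plain),
                        adjusted.getTime(), isExpired(exp, adjusted));
            }
        } finally {
            TimeZone.setDefault(original);
        }
    }
}
```

On Java 11 or later it can be run directly with `java ExpClockCheck.java`.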