X Tutup
Skip to content

Allow to skip "issued at" validation#297

Merged
lbalmaceda merged 5 commits intoauth0:masterfrom
complanboy2:issue254
Jan 12, 2019
Merged

Allow to skip "issued at" validation#297
lbalmaceda merged 5 commits intoauth0:masterfrom
complanboy2:issue254

Conversation

@complanboy2
Copy link
Copy Markdown

@complanboy2 complanboy2 commented Oct 30, 2018
edited by lbalmaceda
Loading

The default behavior remains the same: Always verify the iat.

Will close #254

@complanboy2 complanboy2 mentioned this pull request Oct 30, 2018
Closed
@complanboy2
Copy link
Copy Markdown
Author

complanboy2 commented Nov 21, 2018
edited
Loading

Any hope for getting this reviewed in 2018 !

And also please check, #289

@complanboy2 complanboy2 mentioned this pull request Nov 21, 2018
Closed
@svenwb
Copy link
Copy Markdown

svenwb commented Jan 10, 2019

Is there any eta when this will be reviewed?

lbalmaceda
lbalmaceda suggested changes Jan 10, 2019
View reviewed changes
Copy link
Copy Markdown
Contributor

@lbalmaceda lbalmaceda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@complanboy2 Sorry for the delay. Please use spaces instead of tabs and fix the indentation so the file maintains the same formatting as before. I've left you a few comments. But mainly, the PR is missing the core check. You should be skipping the iat verification if the flag is present at this line.

lbalmaceda
lbalmaceda suggested changes Jan 11, 2019
View reviewed changes
Copy link
Copy Markdown
Contributor

@lbalmaceda lbalmaceda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please rebase the branch

@lbalmaceda lbalmaceda changed the title Issue#254: iat validation will be done by default and it can be ignor… Allow to skip "issued at" validation Jan 12, 2019
@lbalmaceda lbalmaceda merged commit 08def5e into auth0:master Jan 12, 2019
@lbalmaceda lbalmaceda added this to the v3-Next milestone Jan 12, 2019
@lbalmaceda
Copy link
Copy Markdown
Contributor

lbalmaceda commented Jan 12, 2019

Thanks!

@complanboy2 complanboy2 deleted the issue254 branch January 13, 2019 12:56
@svenwb
Copy link
Copy Markdown

svenwb commented Jan 14, 2019

Hi @lbalmaceda thanks for moving this forward!
How does the release process of this pull request look like?
Is there any release planed which includes this change?
Thanks :)

@lbalmaceda
Copy link
Copy Markdown
Contributor

lbalmaceda commented Jan 14, 2019

@svenwb I'll see if I can fit another change by end of week and make a release.

@lbalmaceda lbalmaceda modified the milestones: v3-Next, 3.6.0 Jan 24, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@lbalmaceda lbalmaceda lbalmaceda approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

CH: Added

Projects

None yet

Milestone

3.6.0

Development

Successfully merging this pull request may close these issues.

iat should not be used for token lifetime validation

3 participants

@complanboy2 @svenwb @lbalmaceda
X Tutup