JWT and Expiration

Not a question really (except has anything changed?) more an observation

I have always set my JWT Dates as follows (I'm sure that is in a demo somewhere)

JWT.Claims.IssuedAt := TTimeZone.local.ToUniversalTime(Now);
JWT.Claims.Expiration := TTimeZone.local.ToUniversalTime(IncMinute(Now, JWT_VALID_FOR));

And this was fine when the JWT was consumed by a WebCore App where the date was converted using

Epoch := toInteger(Obj.Properties['exp']);
Result := TJSDate.New(Epoch * 1000);

However, I have been creating a JWT (using Bcl.Jose.Types.JSON) for submission to a third party service and it is always showing as expired.

It turns out that
class procedure TJSONUtils.SetJSONRttiValue(const AName: string; const AValue: TValue; AJSON: TJSONObject);
in that unit makes a call to
DateTimeToUnix(AValue.AsType<TDateTime>, False)
with the arguement AInputIsUTC set to false, so that
was being called twice.

Indeed, IssueAt, Expiration and other date/time claims should be set as local date/time. The library will manage to set it as UTC time accordingly inside the JWT claim.

I must have had this code left over from a long time ago.

1 Like

This topic was automatically closed 60 minutes after the last reply. New replies are no longer allowed.