[Bug] SecurityTokenNoExpirationException when the Expiration Date is larger than January 19, 2038 #2124

Closed
michaelhofer-slg opened this issue Jun 27, 2023 · 2 comments
Labels
  • Bug: Product is not functioning as expected
  • Customer reported: Indicates issue was opened by customer
  • P2: High, but not urgent. Needs to be addressed within the next couple of sprints
michaelhofer-slg commented Jun 27, 2023

Which version of Microsoft.IdentityModel are you using?
Microsoft.IdentityModel 6.15.1

Where is the issue?

  • M.IM.JsonWebTokens
  • M.IM.KeyVaultExtensions
  • M.IM.Logging
  • M.IM.ManagedKeyVaultSecurityKey
  • M.IM.Protocols
  • M.IM.Protocols.OpenIdConnect
  • M.IM.Protocols.SignedHttpRequest
  • M.IM.Protocols.WsFederation
  • M.IM.TestExtensions
  • M.IM.Tokens
  • M.IM.Tokens.Saml
  • M.IM.Validators
  • M.IM.Xml
  • S.IM.Tokens.Jwt

Is this a new or an existing app?
The app is in production and I haven't upgraded Microsoft.IdentityModel.*, but started seeing this issue.

Repro

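using System;
using System.IdentityModel.Tokens.Jwt;
using System.Text;
using Microsoft.IdentityModel.Tokens;
using NUnit.Framework;

[Test]
public void JwtToken_TokenIsValid()
{
	// 25 years from now lies beyond January 19, 2038, the largest date a 32-bit exp can hold.
	DateTime tokenValidUntil = DateTime.Now.AddYears(25);

	SymmetricSecurityKey symmetricSecurityKey = new(Encoding.UTF8.GetBytes("fdbc79c3-80c5-4744-abd9-597cff9af24b"));
	SigningCredentials   signingCredentials   = new(symmetricSecurityKey, SecurityAlgorithms.HmacSha256Signature);

	// Issue a signed token whose only lifetime claim is the far-future expiration.
	JwtSecurityToken jwtSecurityToken = new(
		expires: tokenValidUntil,
		signingCredentials: signingCredentials
	);

	string jwtToken = new JwtSecurityTokenHandler().WriteToken(jwtSecurityToken);

	// Only signature and lifetime are validated; issuer and audience checks are off.
	var tokenValidationParameters = new TokenValidationParameters
	{
		ValidateIssuer   = false,
		ValidateAudience = false,
		ValidateLifetime = true,
		IssuerSigningKey = symmetricSecurityKey,
	};

	// Throws SecurityTokenNoExpirationException (IDX10225) on the affected version.
	JwtSecurityTokenHandler tokenHandler = new();
	tokenHandler.ValidateToken(jwtToken, tokenValidationParameters, out SecurityToken validatedToken);
}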

Expected behavior
The token should be valid and expire in 25 years

Actual behavior
Lifetime validation failed. The token is missing an Expiration Time:

Microsoft.IdentityModel.Tokens.SecurityTokenNoExpirationException : IDX10225: Lifetime validation failed. The token is missing an Expiration Time. Tokentype: 'System.IdentityModel.Tokens.Jwt.JwtSecurityToken'.
   at Microsoft.IdentityModel.Tokens.Validators.ValidateLifetime(Nullable`1 notBefore, Nullable`1 expires, SecurityToken securityToken, TokenValidationParameters validationParameters)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateLifetime(Nullable`1 notBefore, Nullable`1 expires, JwtSecurityToken jwtToken, TokenValidationParameters validationParameters)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateTokenPayload(JwtSecurityToken jwtToken, TokenValidationParameters validationParameters)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)

Possible solution
It seems that the getter in JwtPayload.cs uses int?, which has a MaxValue of 2147483647. This is translated to Tuesday, January 19, 2038 3:14:07 AM, so expiration dates larger than this are invalid.

Additional context / logs / screenshots / links to code

public int? Exp
{
	get { return this.GetIntClaim(JwtRegisteredClaimNames.Exp); }
}

@TheBigNeo

I ran into the same issue last week

@jennyf19 jennyf19 added P2 High, but not urgent. Needs to be addressed within the next couple of sprints Customer reported Indicates issue was opened by customer Bug Product is not functioning as expected duplicate labels Jul 9, 2023
@jennyf19 jennyf19 added this to the 7.0.0 milestone Sep 15, 2023
@jennyf19
Collaborator

This is fixed in 7.0.0. Closing. Please re-open if you face the issue still in 7. Thank you.
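
Added example, not part of the issue thread or the library's code: a check that reads a compact JWT's exp as a 64-bit value and reports whether it still fits the 32-bit int? getter quoted in the report, so token-issuing code can flag lifetimes that affected versions would reject as "missing an Expiration Time". The names ExpClaimCheck and ReadExp and the unsigned sample tokens are constructed for illustration.

```csharp
using System;
using System.Text;
using System.Text.Json;

public static class ExpClaimCheck
{
    // Base64url (RFC 7515): '-' and '_' alphabet, padding stripped.
    static string Base64UrlEncode(string text) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(text))
               .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static string Base64UrlDecode(string segment)
    {
        string b64 = segment.Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        return Encoding.UTF8.GetString(Convert.FromBase64String(b64));
    }

    // Reads "exp" as a 64-bit value and reports whether it still fits in a
    // 32-bit signed int, the type of the Exp getter quoted in this issue.
    public static (long? Exp, bool FitsInt32) ReadExp(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length < 2) throw new FormatException("not a compact JWT");
        using JsonDocument doc = JsonDocument.Parse(Base64UrlDecode(parts[1]));
        if (!doc.RootElement.TryGetProperty("exp", out JsonElement e)
            || e.ValueKind != JsonValueKind.Number
            || !e.TryGetInt64(out long exp))
            return (null, false);   // exp absent or not an integer
        return (exp, exp >= int.MinValue && exp <= int.MaxValue);
    }

    public static void Main()
    {
        // Constructed, unsigned sample tokens; "sig" is a placeholder signature.
        string header = Base64UrlEncode("{\"alg\":\"HS256\",\"typ\":\"JWT\"}");
        foreach (long sampleExp in new[] { 2147483647L, 2147483648L, 2476000000L })
        {
            string jwt = header + "." + Base64UrlEncode("{\"exp\":" + sampleExp + "}") + ".sig";
            (long? exp, bool fits) = ReadExp(jwt);
            Console.WriteLine("{0:u} exp={1} {2}",
                DateTimeOffset.FromUnixTimeSeconds(exp.Value), exp,
                fits ? "fits Int32" : "exceeds Int32: flag before issuing");
        }
    }
}
```

The check only inspects the payload; it does not verify the signature, so it belongs next to issuance or test code rather than in place of validation.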
