This repository has been archived by the owner on Jul 13, 2023. It is now read-only.

"exp" > 24 hours does not result in an error. #794

Closed
gauntface opened this issue Jan 30, 2017 · 2 comments

gauntface commented Jan 30, 2017

If I set an expiration to something greater than 24 hours (i.e. 48 hours) in the VAPID JWT, I'm not receiving an error which I think it's meant to:

An "exp" (Expiry) claim MUST be included with the time after which
the token expires. This limits the time that a token over which a
token is valid. An "exp" claim MUST NOT be more than 24 hours
from the time of the request.

@jrconlin
Member

We are a bit lax on this because we want to encourage folks to use VAPID. Right now, folks are struggling to just get the encryption right (we see a lot of that from the logs). Considering the fun of clock skew and time sync errors, we decided to remove one hurdle.

Yes, this does expose folks to potential replay errors against themselves, however the actual incidence of this is very low. We do expect to start enforcing the standard once it is finalized.

@gauntface
Author

Ta for the info :) 👍

bbangert added this to the PUSHSVC-0: quality milestone Feb 6, 2017
bbangert added a commit that referenced this issue Feb 9, 2017
We now attempt to coerce the jwt exp value in case it wasn't an int
and verify that it is within the next 24 hours and has not already
expired.

Closes #794
bbangert self-assigned this Feb 9, 2017
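
The check described in the commit message above (coerce "exp" to an integer, then reject values that have already expired or lie more than 24 hours ahead), written out as an added example; it is not the project's own code. The function names, the error class and the `leeway` clock-skew parameter are assumptions, and signature verification is out of scope here.

```python
import base64
import json
import time

MAX_EXP_SECONDS = 24 * 60 * 60  # limit from the spec text quoted in the issue


class ExpClaimError(ValueError):
    """Raised when "exp" is missing, malformed or out of range."""


def decode_claims(token):
    """Decode a compact JWT's payload segment. Does NOT verify the signature."""
    try:
        payload = token.split(".")[1]
        padded = payload + "=" * (-len(payload) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except (IndexError, ValueError) as exc:
        raise ExpClaimError("malformed token") from exc
    if not isinstance(claims, dict):
        raise ExpClaimError("claims are not a JSON object")
    return claims


def check_exp(claims, now=None, leeway=0):
    """Return int "exp" if now < exp <= now + 24h, else raise ExpClaimError."""
    # leeway: assumed clock-skew allowance in seconds (not part of the commit)
    now = int(time.time()) if now is None else int(now)
    raw = claims.get("exp")
    if raw is None or isinstance(raw, bool):
        raise ExpClaimError('missing or invalid "exp"')
    try:
        exp = int(raw)  # coerce "1485738000" or 1485738000.0 to int
    except (TypeError, ValueError, OverflowError) as exc:
        raise ExpClaimError('"exp" is not an integer') from exc
    if exp + leeway <= now:
        raise ExpClaimError("token has expired")
    if exp - leeway > now + MAX_EXP_SECONDS:
        raise ExpClaimError('"exp" is more than 24 hours away')
    return exp


if __name__ == "__main__":
    now = 1485734400  # constructed "current time": 2017-01-30 00:00:00 UTC
    for claims in ({"exp": now + 3600}, {"exp": str(now + 48 * 3600)}):
        try:
            print(check_exp(claims, now=now))
        except ExpClaimError as err:
            print("rejected:", err)
```

With `leeway=0` the 48-hour case from the original report is rejected; a non-zero `leeway` widens both bounds by the same number of seconds.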