如何用UTC过期时间验证JWT?
How to verify JWT with UTC expiration time?
我已经使用 Auth0 JWT 库生成了 JWT,
algorithm = Algorithm.HMAC256(secretkey);
token = JWT.create()
.withIssuer(issuer)
.withExpiresAt(UTCExpDate) //UTC now + 30 mins added
.withIssuedAt(UTCDate)
.sign(algorithm);
当我尝试通过以下代码验证时,
Algorithm algorithm = Algorithm.HMAC256(secretkey);
JWTVerifier verifier = JWT.require(algorithm)
.withIssuer(issuer)
.build();
DecodedJWT jwt = verifier.verify(token);
得到以下 TokenExpiredException 异常,因为它验证当前时区是 +5.30 而不是 UTC。有解决这个问题的正确方法吗?
com.auth0.jwt.exceptions.TokenExpiredException: The Token has expired on Tue May 08 13:55:57 IST 2018.
at com.auth0.jwt.JWTVerifier.assertDateIsFuture(JWTVerifier.java:441)
at com.auth0.jwt.JWTVerifier.assertValidDateClaim(JWTVerifier.java:432)
注意:暂时我通过在验证时添加.acceptExpiresAt(19800)来解决这个问题。但我正在寻找正确的 UTC 验证解决方案。
根据 documentation,您可以提供自定义 Clock 实现。将 Verification 实例转换为 BaseVerification 以获得接受自定义 Clock 的 verification.build() 方法的可见性。例如:
BaseVerification verification = (BaseVerification) JWT.require(algorithm)
.acceptLeeway(1)
.acceptExpiresAt(5);
Clock clock = new CustomClock(); // Must implement Clock interface
JWTVerifier verifier = verification.build(clock);
我已经使用 Auth0 JWT 库生成了 JWT,
algorithm = Algorithm.HMAC256(secretkey);
token = JWT.create()
.withIssuer(issuer)
.withExpiresAt(UTCExpDate) //UTC now + 30 mins added
.withIssuedAt(UTCDate)
.sign(algorithm);
当我尝试通过以下代码验证时,
Algorithm algorithm = Algorithm.HMAC256(secretkey);
JWTVerifier verifier = JWT.require(algorithm)
.withIssuer(issuer)
.build();
DecodedJWT jwt = verifier.verify(token);
得到以下 TokenExpiredException 异常,因为它验证当前时区是 +5.30 而不是 UTC。有解决这个问题的正确方法吗?
com.auth0.jwt.exceptions.TokenExpiredException: The Token has expired on Tue May 08 13:55:57 IST 2018.
at com.auth0.jwt.JWTVerifier.assertDateIsFuture(JWTVerifier.java:441)
at com.auth0.jwt.JWTVerifier.assertValidDateClaim(JWTVerifier.java:432)
注意:暂时我通过在验证时添加.acceptExpiresAt(19800)来解决这个问题。但我正在寻找正确的 UTC 验证解决方案。
根据 documentation,您可以提供自定义 Clock 实现。将 Verification 实例转换为 BaseVerification 以获得接受自定义 Clock 的 verification.build() 方法的可见性。例如:
BaseVerification verification = (BaseVerification) JWT.require(algorithm)
.acceptLeeway(1)
.acceptExpiresAt(5);
Clock clock = new CustomClock(); // Must implement Clock interface
JWTVerifier verifier = verification.build(clock);