Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cognito "iat" claim set in the future #65

Open
eelkeh opened this issue Jan 10, 2022 · 1 comment
Open

Cognito "iat" claim set in the future #65

eelkeh opened this issue Jan 10, 2022 · 1 comment

Comments

@eelkeh
Copy link

eelkeh commented Jan 10, 2022

We're running an issue where the iat claim (Issued At) in AWS Cognito is ~1 second into the future (on multiple machines and server configurations, synced with NTP).
Would it be helpful to maybe add a configurable time delta to verification to account for these slightly out of sync use cases?
I can create a PR for this, but I first wanted to check if this would be anything that could be incorporated.
@eelkeh eelkeh changed the title Cognita "iat" claim set in the future Cognito "iat" claim set in the future Jan 10, 2022
@michaeltoqua
Copy link

I am running into the same problem, also with AWS Cognito. Took me quite a while before I found out that the iat was causing our tests to fail.

I am not sure whether verification of the iat timestamp is even the right way to go. The JWT spec says nothing about how iat should be verified. In case issue dates should be verified, nbf seems more appropriate. The spec also allows for a small leeway to account for clock skew.
A relevant discussion around this topic can be found at auth0/java-jwt#254.

@webbiscuit webbiscuit mentioned this issue Jul 12, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@eelkeh @michaeltoqua