Invalid date in header

Question

Invalid date in header

leonchen83 opened this issue 3 years ago · comments

Baoyi Chen commented 3 years ago

Describe the problem

Invalid date in header after decoded

What was the expected behavior?

valid date after decoded

Reproduction

	public static void main(String[] args) {
		JWTCreator.Builder builder = JWT.create();
		Map<String, Object> map = new HashMap<>();
		
		map.put("date", new Date());
		builder.withHeader(map);
		String str = builder.sign(Algorithm.HMAC256("secret"));
		
		DecodedJWT decoded = JWT.decode(str);
		System.out.println(decoded.getHeaderClaim("date").asDate());
	}

console log print

Mon Apr 18 14:48:19 CST 53966

above is not a valid year

Environment

Version of this library used: 3.18.2
Version of Java used: java 11

Poovamraj T T · Answer 1 · Fri Dec 31 2021 06:32:22 GMT+0800 (China Standard Time)

Hi @leonchen83, Thanks for notifying us

This error is happening because we multiply the value we get with 1000

This is done because when we serialize information like EXPIRES_AT, ISSUED_AT and NOT_BEFORE in the Payload, We convert milliseconds into seconds and that is why while we deserialize we multiply it with 1000.

But this serializing behaviour is implemented only for Payload and not Header which is why Date stored in Header gets multiplied by 1000 and the year seems to 53966.

We can fix this by probably serializing the date values in header in seconds. But we will think a little more about this before fixing it so that backward compatibility is not affected. If you want a temporary fix you can get the value asLong() and provide it as input to the Date objects constructor.

stale · Answer 2 · Sat Apr 16 2022 11:34:09 GMT+0800 (China Standard Time)

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you have not received a response for our team (apologies for the delay) and this is still a blocker, please reply with additional information or just a ping. Thank you for your contribution! 🙇‍♂️

Jim Anderson · Answer 3 · Mon Apr 25 2022 23:15:35 GMT+0800 (China Standard Time)

We will correctly serialize all dates in the payload and header in the upcoming v4 release. Thanks!

Poovamraj T T · Answer 4 · Fri May 06 2022 22:45:12 GMT+0800 (China Standard Time)

Hello 👋

We have fixed this behaviour in our latest v4.0.0-beta.0 release. We will close this issue now. Please try the new release and provide your feedback. Please note that there are changes in the library's behaviour in the new major and check out our Migration Guide to migrate your library.