Fix: JWT token now uses UTC and not local time

be989213 · Petar Hristov · L. Ellenbeck · ec87e87f · be989213 · be989213
Commit be989213 authored 3 years ago by Petar Hristov Committed by L. Ellenbeck 3 years ago
--- a/src/JwtHandler/JwtHandler.cs
+++ b/src/JwtHandler/JwtHandler.cs
@@ -15,8 +15,10 @@ namespace Coscine.JwtHandler
        private readonly JwtSecurityTokenHandler _jwtSecurityTokenHandler;
        private readonly SymmetricSecurityKey _symmetricSecurityKey;
        private readonly DateTime _centuryBegin;
        // How long the default token is valid (in minutes).
        private readonly double _defaultExpiration;
        private readonly string _issuer;
        private readonly string _audience;
@@ -25,8 +27,8 @@ namespace Coscine.JwtHandler
            Configuration = configuration;
            _jwtSecurityTokenHandler = new JwtSecurityTokenHandler();
            _symmetricSecurityKey = GetSecurityKey();
-            _centuryBegin = new DateTime(1970, 1, 1);
+            _centuryBegin = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
-            _defaultExpiration = 30;
+            _defaultExpiration = 60;
            _issuer = "https://coscine.rwth-aachen.de";
            _audience = "https://coscine.rwth-aachen.de";
        }
@@ -52,7 +54,9 @@ namespace Coscine.JwtHandler
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = _symmetricSecurityKey,
                ValidateIssuer = false,
-                ValidateAudience = false
+                ValidateAudience = false,
+                // set clockskew to zero so tokens expire exactly at token expiration time (instead of 5 minutes later)
+                ClockSkew = TimeSpan.Zero
            };
            _jwtSecurityTokenHandler.ValidateToken(token, tokenValidationParameters, out _);
@@ -66,7 +70,7 @@ namespace Coscine.JwtHandler
        public string GenerateJwtToken(JwtPayload payload, string signatureAlgorithm = "HS256")
        {
-            var issuedAt = DateTime.Now;
+            var issuedAt = DateTime.UtcNow;
            var expires = issuedAt.AddMinutes(_defaultExpiration);
            return GenerateJwtToken(payload, _issuer, _audience, issuedAt, expires, signatureAlgorithm);
        }
@@ -107,6 +111,5 @@ namespace Coscine.JwtHandler
            return GenerateJwtToken(payload, issuer, audience, issuedAt, expires, signatureAlgorithm);
        }
    }
 }
\ No newline at end of file
--- a/src/JwtHandler/JwtHandler.csproj
+++ b/src/JwtHandler/JwtHandler.csproj
 <Project Sdk="Microsoft.NET.Sdk">
 	<PropertyGroup>
 		<OutputType>Library</OutputType>
 		<RootNamespace>Coscine.JwtHandler</RootNamespace>
@@ -9,7 +9,7 @@
 	<PropertyGroup>
 		<Authors>RWTH Aachen University</Authors>
 		<Company>IT Center, RWTH Aachen University</Company>
-		<Copyright>2021 IT Center, RWTH Aachen University</Copyright>
+		<Copyright>2022 IT Center, RWTH Aachen University</Copyright>
 		<Description>JwtHandler is a part of the Coscine group.</Description>
 		<PackageLicenseExpression>MIT</PackageLicenseExpression>
 		<PackageProjectUrl>https://git.rwth-aachen.de/coscine/backend/libraries/Jwt-Handler</PackageProjectUrl>