Fix: JWT token now uses UTC and not local time

coscine/issues#1964

src/JwtHandler/JwtHandler.cs

@@ -15,8 +15,10 @@ namespace Coscine.JwtHandler
         private readonly JwtSecurityTokenHandler _jwtSecurityTokenHandler;
         private readonly SymmetricSecurityKey _symmetricSecurityKey;
         private readonly DateTime _centuryBegin;
+
         // How long the default token is valid (in minutes).
         private readonly double _defaultExpiration;
+
         private readonly string _issuer;
         private readonly string _audience;
 
@@ -25,8 +27,8 @@ namespace Coscine.JwtHandler
             Configuration = configuration;
             _jwtSecurityTokenHandler = new JwtSecurityTokenHandler();
             _symmetricSecurityKey = GetSecurityKey();
-            _centuryBegin = new DateTime(1970, 1, 1);
-            _defaultExpiration = 30;
+            _centuryBegin = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
+            _defaultExpiration = 60;
             _issuer = "https://coscine.rwth-aachen.de";
             _audience = "https://coscine.rwth-aachen.de";
         }
@@ -52,7 +54,9 @@ namespace Coscine.JwtHandler
                 ValidateIssuerSigningKey = true,
                 IssuerSigningKey = _symmetricSecurityKey,
                 ValidateIssuer = false,
-                ValidateAudience = false
+                ValidateAudience = false,
+                // set clockskew to zero so tokens expire exactly at token expiration time (instead of 5 minutes later)
+                ClockSkew = TimeSpan.Zero
             };
 
             _jwtSecurityTokenHandler.ValidateToken(token, tokenValidationParameters, out _);
@@ -66,7 +70,7 @@ namespace Coscine.JwtHandler
 
         public string GenerateJwtToken(JwtPayload payload, string signatureAlgorithm = "HS256")
         {
-            var issuedAt = DateTime.Now;
+            var issuedAt = DateTime.UtcNow;
             var expires = issuedAt.AddMinutes(_defaultExpiration);
             return GenerateJwtToken(payload, _issuer, _audience, issuedAt, expires, signatureAlgorithm);
         }
@@ -107,6 +111,5 @@ namespace Coscine.JwtHandler
 
             return GenerateJwtToken(payload, issuer, audience, issuedAt, expires, signatureAlgorithm);
         }
-
     }
-}
+}
\ No newline at end of file