Skip to content

Commit

Permalink
Merge pull request #1312 from thephpleague/switch-to-loose-valid-at
Browse files Browse the repository at this point in the history
Use LooseValidAt instead of StrictValidAt
  • Loading branch information
Sephster authored Nov 14, 2022
2 parents 0f32fbe + a5bcef8 commit 9d246cf
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 3 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
## [Unreleased]
### Fixed
- Use InMemory::plainText('empty', 'empty') instead of InMemory::plainText('') to avoid [new empty string exception](https://github.com/lcobucci/jwt/pull/833) thrown by lcobucci/jwt (PR #1282)
- Use LooseValidAt instead of StrictValidAt so that users aren't forced to use claims such as NBF in their JWT tokens (PR #1312)

## [8.3.4] - released 2022-04-07
### Fixed
Expand Down
6 changes: 3 additions & 3 deletions src/AuthorizationValidators/BearerTokenValidator.php
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
use Lcobucci\JWT\Signer\Key\InMemory;
use Lcobucci\JWT\Signer\Rsa\Sha256;
use Lcobucci\JWT\Validation\Constraint\SignedWith;
use Lcobucci\JWT\Validation\Constraint\StrictValidAt;
use Lcobucci\JWT\Validation\Constraint\LooseValidAt;
use Lcobucci\JWT\Validation\Constraint\ValidAt;
use Lcobucci\JWT\Validation\RequiredConstraintsViolated;
use League\OAuth2\Server\CryptKey;
Expand Down Expand Up @@ -74,8 +74,8 @@ private function initJwtConfiguration()
);

$this->jwtConfiguration->setValidationConstraints(
\class_exists(StrictValidAt::class)
? new StrictValidAt(new SystemClock(new DateTimeZone(\date_default_timezone_get())))
\class_exists(LooseValidAt::class)
? new LooseValidAt(new SystemClock(new DateTimeZone(\date_default_timezone_get())))
: new ValidAt(new SystemClock(new DateTimeZone(\date_default_timezone_get()))),
new SignedWith(
new Sha256(),
Expand Down

0 comments on commit 9d246cf

Please sign in to comment.