lib-oauth2: Allow nbf and iat to be 0

Some implementations set these intentionally to 0.

diff --git a/src/lib-oauth2/oauth2-jwt.c b/src/lib-oauth2/oauth2-jwt.c
index 29c6fa55230b2811418707098806c103c821a171..a837297ae30126918aa7f2418116e821e3674516 100644 (file)
--- a/src/lib-oauth2/oauth2-jwt.c
+++ b/src/lib-oauth2/oauth2-jwt.c
@@ -295,13 +295,13 @@ oauth2_jwt_body_process(ARRAY_TYPE(oauth2_field) *fields, struct json_tree *tree
        if ((ret = get_time_field(tree, "nbf", &nbf)) < 0) {
                *error_r = "Malformed 'nbf' field";
                return -1;
-       } else if (ret == 0)
+       } else if (ret == 0 || nbf == 0)
                nbf = t0;
 
        if ((ret = get_time_field(tree, "iat", &iat)) < 0) {
                *error_r = "Malformed 'iat' field";
                return -1;
-       } else if (ret == 0)
+       } else if (ret == 0 || iat == 0)
                iat = t0;
 
        if (nbf > t0) {

diff --git a/src/lib-oauth2/test-oauth2-jwt.c b/src/lib-oauth2/test-oauth2-jwt.c
index 7685cb2eb7c2112e0348d51b362ab7668a3042f7..31698b3cdc7463e63c52252e9ff70cefc2d7f15f 100644 (file)
--- a/src/lib-oauth2/test-oauth2-jwt.c
+++ b/src/lib-oauth2/test-oauth2-jwt.c
@@ -442,6 +442,17 @@ static void test_jwt_dates(void)
        sign_jwt_token_hs256(tokenbuf, hs_sign_key);
        test_jwt_token(str_c(tokenbuf));
 
+       str_truncate(tokenbuf, 0);
+        base64url_encode_str("{\"alg\":\"HS256\",\"typ\":\"JWT\"}", tokenbuf);
+       str_append_c(tokenbuf, '.');
+       base64url_encode_str(t_strdup_printf("{\"sub\":\"testuser\","
+                                            "\"exp\":%"PRIdTIME_T","
+                                            "\"nbf\":0,\"iat\":%"PRIdTIME_T"}",
+                                            exp, iat),
+                            tokenbuf);
+       sign_jwt_token_hs256(tokenbuf, hs_sign_key);
+       test_jwt_token(str_c(tokenbuf));
+
        test_end();
 }