From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Fri, 15 Aug 2025 10:20:16 +0000 (+0300)
Subject: lib-oauth2: jwt - Improve error logging for timestamp errors
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=df01f238f7464c24eb7fae6ea8276cbd30636c35;p=thirdparty%2Fdovecot%2Fcore.git

lib-oauth2: jwt - Improve error logging for timestamp errors
---

diff --git a/src/lib-oauth2/oauth2-jwt.c b/src/lib-oauth2/oauth2-jwt.c
index 4688796751..357b92fca2 100644
--- a/src/lib-oauth2/oauth2-jwt.c
+++ b/src/lib-oauth2/oauth2-jwt.c
@@ -503,15 +503,21 @@ oauth2_jwt_body_process(const struct oauth2_settings *set,
 	   slightly newer than this server's time. Allow 1 second difference
 	   to avoid random failures due to token being into future. */
 	if (nbf > t0 + 1) {
-		*error_r = "Token is not valid yet";
+		*error_r = t_strdup_printf(
+			"Token is not valid yet (nbf=%"PRId64" > %"PRId64")",
+			nbf, t0 + 1);
 		return -1;
 	}
 	if (iat > t0 + 1) {
-		*error_r = "Token is issued in future";
+		*error_r = t_strdup_printf(
+			"Token is issued in future (iat=%"PRId64" > %"PRId64")",
+			iat, t0 + 1);
 		return -1;
 	}
 	if (exp < t0) {
-		*error_r = "Token has expired";
+		*error_r = t_strdup_printf(
+			"Token has expired (exp=%"PRId64" < %"PRId64")",
+			exp, t0);
 		return -1;
 	}
 
diff --git a/src/lib-oauth2/test-oauth2-jwt.c b/src/lib-oauth2/test-oauth2-jwt.c
index 8366f7532b..c431006fc7 100644
--- a/src/lib-oauth2/test-oauth2-jwt.c
+++ b/src/lib-oauth2/test-oauth2-jwt.c
@@ -549,7 +549,7 @@ static void test_jwt_bad_valid_token(void)
 						&is_jwt, &error) != 0, i);
 		test_assert_idx(is_jwt == TRUE, i);
 		if (test_case->error != NULL) {
-			test_assert_strcmp(test_case->error, error);
+			test_assert(strstr(error, test_case->error) != NULL);
 		}
 		test_assert(error != NULL);
 	} T_END;