From: s3lph <5564491+s3lph@users.noreply.github.com>
Date: Mon, 7 Jun 2021 22:35:13 +0000 (+0200)
Subject: lib-oauth2-jwt: Remove 'nbf < iat' check, as it's not mandated by RFC7519, and not... 
X-Git-Tag: 2.3.17~169
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f3bef96857ce955729e3e3f954571cf8422cbf0e;p=thirdparty%2Fdovecot%2Fcore.git

lib-oauth2-jwt: Remove 'nbf < iat' check, as it's not mandated by RFC7519, and not uncommon to predate the nbf field
---

diff --git a/src/lib-oauth2/oauth2-jwt.c b/src/lib-oauth2/oauth2-jwt.c
index 8f3eca41df..ec7ad46d4a 100644
--- a/src/lib-oauth2/oauth2-jwt.c
+++ b/src/lib-oauth2/oauth2-jwt.c
@@ -394,8 +394,7 @@ oauth2_jwt_body_process(const struct oauth2_settings *set, const char *alg,
 	}
 
 	/* ensure token dates are not conflicting */
-	if (nbf < iat ||
-	    exp < iat ||
+	if (exp < iat ||
 	    exp < nbf) {
 		*error_r = "Token time values are conflicting";
 		return -1;