Expired JWT Token being sent for Jira Glance

Hi, I have a Jira Glance that seems to be sending an expired JWT Token through on page load. I check the expiry date for all other page loads and rest calls and don’t get an expired token for any of those. For example one that happened today logged the expire date and today’s datetime as:

Date Expires=Mon Aug 10 21:24:07 UTC 2020, Date Time=Mon Aug 10 21:48:31 UTC 2020

I’m using nimbusds for checking the expiry date

JWTClaimsSet claims = signedJWT.getJWTClaimsSet();
Date expirationTime = claims.getExpirationTime();
boolean expired = expirationTime == null || expirationTime.before(new Date());
if(expired) {
  ...

I’ve only just added this check for page loads. The logging shows it as a continuous feed of these errors so it doesn’t seem to be a bug bounty user.

Thanks
Paul

1 Like

I think it might be related to what we observe.

Reported at https://ecosystem.atlassian.net/browse/ACJIRA-1643

Thanks for that @jack, Although it would have been nicer if there was a fix in the pipeline :slight_smile:

Thanks
Paul