Hi, I have a Jira Glance that seems to be sending an expired JWT Token through on page load. I check the expiry date for all other page loads and rest calls and don’t get an expired token for any of those. For example one that happened today logged the expire date and today’s datetime as:
Date Expires=Mon Aug 10 21:24:07 UTC 2020, Date Time=Mon Aug 10 21:48:31 UTC 2020
I’m using nimbusds for checking the expiry date
JWTClaimsSet claims = signedJWT.getJWTClaimsSet();
Date expirationTime = claims.getExpirationTime();
boolean expired = expirationTime == null || expirationTime.before(new Date());
if(expired) {
...
I’ve only just added this check for page loads. The logging shows it as a continuous feed of these errors so it doesn’t seem to be a bug bounty user.
Thanks
Paul