
Commit a966613

fix(JWT): set iat to -30s as described in README(#18)
1 parent 31e2fb9 commit a966613


2 files changed

+8
-4
lines changed


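--- a/src/get-app-authentication.ts
+++ b/src/get-app-authentication.ts
@@ -1,7 +1,11 @@
 import jsonwebtoken from "jsonwebtoken";
 
 export function getAppAuthentication(id: number, privateKey: string) {
-const now = Math.floor(Date.now() / 1000);
+// When creating a JSON Web Token, it sets the "issued at time" (iat) to 30s
+// in the past as we have seen people running situations where the GitHub API
+// claimed the iat would be in future. It turned out the clocks on the
+// different machine were not in sync.
+const now = Math.floor(Date.now() / 1000) - 30;
 const expiration = now + 60 * 10; // JWT expiration time (10 minute maximum)
 const payload = {
 iat: now, // Issued at time
@@ -17,6 +21,6 @@ export function getAppAuthentication(id: number, privateKey: string) {
 type: "app",
 token: JWT,
 appId: id,
-expiresAt: new Date(expiration).toISOString()
+expiresAt: new Date(expiration * 1000).toISOString()
 };
 }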
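Review bot: After the first hunk, `now` in getAppAuthentication no longer holds the current time but a timestamp 30 seconds in the past, and `iat`, `exp` and the returned `expiresAt` are all derived from it, so the name misleads anyone reading the part of the function between the two hunks, which is not shown here. I would name the allowance and the value for what they are, e.g. `const CLOCK_SKEW_SECONDS = 30;` and `const issuedAt = Math.floor(Date.now() / 1000) - CLOCK_SKEW_SECONDS;`, then use `iat: issuedAt` and compute `expiration` from `issuedAt` so the lifetime stays inside the 10 minute maximum the existing comment mentions. The new comment should also state the limit of the workaround: a host whose clock runs more than 30 seconds ahead of the API server will presumably still have its JWT rejected, so time synchronisation on the host remains necessary. Its wording could be tightened to `// Set "issued at" (iat) 30s in the past: if the local clock runs ahead of GitHub's, the API rejects the JWT as issued in the future.`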

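--- a/test/index.test.ts
+++ b/test/index.test.ts
@@ -34,7 +34,7 @@ x//0u+zd/R/QRUzLOw4N72/Hu+UG6MNt5iDZFCtapRaKt6OvSBwy8w==
 -----END RSA PRIVATE KEY-----`;
 // see https://runkit.com/gr2m/reproducable-jwt
 const BEARER =
-"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjAsImV4cCI6NjAwLCJpc3MiOjF9.UYfZtE742hkMV5cKMwp6-gVUvsWnUGoCQkl2UZZEkN8-lgvqzq5V8e5KtTrJxAAgcK7Yn1ViAlDUpwc9hZxrZ-gLaR10GR2hubte3OgkRDH-m_lCQ1Sgb9VQpZnagh_PMyRwphOw3uDXU3D7h2jL86UP3Ora8i9SRgXLq8X_2R9jtr2FDT1wtmcOLdyIc0Q7c_4X1uIPNjZS2UY04QBT7VWePk81EGdJAVQ_nEygXIuWOpMwZvtD0K1hzqQQM9GyV2QOwFSvFLtdbMVyld6Qvs8eEA5VS6Y4vTrGuyUF_lH5XlPdfAFAyrzsGP4inLq3tq6y4mjsx3YIF0P8DcMNPw";
+"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOi0zMCwiZXhwIjo1NzAsImlzcyI6MX0.q3foRa78U3WegM5PrWLEh5N0bH1SD62OqW66ZYzArp95JBNiCbo8KAlGtiRENCIfBZT9ibDUWy82cI4g3F09mdTq3bD1xLavIfmTksIQCz5EymTWR5v6gL14LSmQdWY9lSqkgUG0XCFljWUglEP39H4yeHbFgdjvAYg3ifDS12z9oQz2ACdSpvxPiTuCC804HkPVw8Qoy0OSXvCkFU70l7VXCVUxnuhHnk8-oCGcKUspmeP6UdDnXk-Aus-eGwDfJbU2WritxxaXw6B4a3flTPojkYLSkPBr6Pi0H2-mBsW_Nvs0aLPVLKobQd4gqTkosX3967DoAG8luUMhrnxe8Q";
 
 let clock: Clock;
 beforeEach(() => {
@@ -53,7 +53,7 @@ test("README example for app auth", async () => {
 type: "app",
 token: BEARER,
 appId: 1,
-expiresAt: "1970-01-01T00:00:00.600Z"
+expiresAt: "1970-01-01T00:09:30.000Z"
 });
 });
 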
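Review bot: The replaced `BEARER` literal in the first hunk is opaque, so a reader cannot see which claims the test pins; its payload segment decodes to `{"iat":-30,"exp":570,"iss":1}`. A comment above the constant, e.g. `// claims with the fake clock at 0: iat = -30, exp = 570, iss = 1`, would let a later change to the skew or lifetime be checked by eye instead of through the RunKit notebook. That the clock is frozen at 0 is inferred from these values and the expected `expiresAt`, since the `beforeEach` body and the start of the "README example for app auth" test lie outside the hunks. If the RSA key that ends just above the first hunk is not already marked as a throwaway fixture, a one-line comment saying so would make secret-scanner findings on this file easy to triage.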
