Remove issued_at value check #274
Conversation
| @@ -68,14 +68,6 @@ void verify(@NonNull JWT token, @NonNull IdTokenVerificationOptions verifyOption | |||
| throw new TokenValidationException("Issued At (iat) claim must be a number present in the ID token"); | |||
| } | |||
|
|
|||
| cal.setTime(token.getIssuedAt()); | |||
There was a problem hiding this comment.
Having a single mutable calendar object and then setting it to different values betweet tests seems quite an unusual pattern. Is this normal in Java?
There was a problem hiding this comment.
Think of Calendar as a "dates calculator". It's easier to do math operations on a Calendar than a Date instance. Note though that once the math is done, an instance of Date is obtained from that Calendar for comparison against another one.
There was a problem hiding this comment.
I get why the Calendar object is being used - it's the re-use for multiple calculations that seems odd.
There was a problem hiding this comment.
I've always seen it being used like this, at least for when the min JDK is 7. Calendar is already a heavy object. There's no harm in re-using it and is better than creating multiple instances.
Changes
The ID Token
iatclaim value check should be optional.Testing
Please describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. Since this library has unit testing, tests should be added for new functionality and existing tests should complete without errors.
This change adds unit test coverage
This change adds integration test coverage
This change has been tested on the latest version of the platform/language or why not
Checklist
I have read the Auth0 general contribution guidelines
I have read the Auth0 Code of Conduct
All existing and new tests complete without errors