
Commit 296fa38

committed
feat: add ignoreExpiration config to optionally bypass JWT expiration validation
1 parent b0043f2 commit 296fa38


4 files changed

+13
-1
lines changed


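--- a/apps/custom-issuer/.env.example
+++ b/apps/custom-issuer/.env.example
@@ -35,3 +35,6 @@ PORT=3000
 # If not set, CORS will be disabled (no cross-origin requests allowed)
 # Example: http://localhost:3000,https://example.com,https://app.example.com
 ALLOWED_ORIGINS=
+
+# If set to true, the service will not check the expiration time of incoming JWTs
+IGNORE_EXPIRATION=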

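--- a/apps/custom-issuer/src/config/issuer.config.ts
+++ b/apps/custom-issuer/src/config/issuer.config.ts
@@ -3,13 +3,15 @@ export type IssuerConfig = {
 validationPublicKeyUrl: string;
 validationIssuerUrl: string;
 issuerUrl: string;
+ignoreExpiration: boolean;
 };
 
 export default (): IssuerConfig => {
 const keyBase64 = process.env.KEY_BASE64;
 const validationPublicKeyUrl = process.env.VALIDATION_PUBLIC_KEY_URL;
 const validationIssuerUrl = process.env.VALIDATION_ISSUER_URL;
 const issuerUrl = process.env.ISSUER_URL;
+const ignoreExpiration = process.env.IGNORE_EXPIRATION === "true";
 
 if (!keyBase64 || keyBase64.trim() === "") {
 throw new Error(
@@ -57,5 +59,6 @@ export default (): IssuerConfig => {
 validationPublicKeyUrl: validationPublicKeyUrl.trim(),
 validationIssuerUrl: validationIssuerUrl.trim(),
 issuerUrl: issuerUrl.trim(),
+ignoreExpiration,
 };
 };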
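Review bot: Nothing in the loader stops `IGNORE_EXPIRATION=true` from reaching a production deployment, and the new `ignoreExpiration: boolean` field carries no comment saying that it switches off a token-validity check. The strict `=== "true"` comparison fails closed (unset, `1` or `TRUE` all leave the checks on), which is worth stating in a TSDoc line on the field, e.g. `/** Testing only: when true, expired input JWTs are accepted. Defaults to false. */`. If the deployment sets an environment marker, a guard after parsing such as `if (ignoreExpiration && process.env.NODE_ENV === "production") throw new Error("IGNORE_EXPIRATION must not be enabled in production");` would turn a misconfiguration into a startup failure. The default export's body continues outside both hunks, so any existing validation style there should be followed.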

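--- a/apps/custom-issuer/src/modules/issuer/issuer.service.ts
+++ b/apps/custom-issuer/src/modules/issuer/issuer.service.ts
@@ -11,6 +11,7 @@ import { Config } from "../../config";
 export class IssuerService {
 private readonly issuerUrl: string;
 private readonly validationIssuerUrl: string;
+private readonly ignoreExpiration: boolean;
 
 constructor(
 private readonly keyService: KeyService,
@@ -33,6 +34,7 @@ export class IssuerService {
 
 this.issuerUrl = issuerConfig.issuerUrl;
 this.validationIssuerUrl = issuerConfig.validationIssuerUrl;
+this.ignoreExpiration = issuerConfig.ignoreExpiration;
 }
 
 async issueToken(inputJwt: string, signPayload: number[]): Promise<string> {
@@ -48,6 +50,7 @@ export class IssuerService {
 try {
 return jwt.verify(inputJwt, publicKey, {
 algorithms: [JWT_ALGORITHM],
+ignoreExpiration: this.ignoreExpiration,
 }) as jwt.JwtPayload;
 } catch (_) {}
 }
@@ -61,7 +64,9 @@ export class IssuerService {
 
 this.validateSubject(sub);
 this.validateIssuer(iss);
-this.validateTimeClaims(exp, nbf);
+if (!this.ignoreExpiration) {
+this.validateTimeClaims(exp, nbf);
+}
 
 return { sub, exp, nbf, fatxn: signPayload };
 }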
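Review bot: The new guard `if (!this.ignoreExpiration)` in the last hunk skips the whole of `validateTimeClaims(exp, nbf)`, so the service's own not-before check is dropped along with expiry, which is more than the flag's name or the `.env.example` comment promises. With the flag on, a captured input JWT that still verifies against the public key stays exchangeable for a fresh token with no time limit, so the relaxation should be as narrow as possible: keep the `nbf` check running and bypass only the `exp` part (validateTimeClaims is defined outside the hunk, so how it can be split needs confirming). The returned `{ sub, exp, nbf, fatxn }` also carries the input token's stale `exp` forward, so it is worth checking what lifetime the issued token ends up with. A one-line warning in the constructor when the flag is set, for example `if (this.ignoreExpiration) console.warn("JWT expiration validation is disabled");` or the equivalent with the service's own logger, would make the bypass visible in logs and alertable. The constructor and both methods start or end outside the visible hunks.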

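--- a/infra/chart/values/staging.yaml
+++ b/infra/chart/values/staging.yaml
@@ -49,6 +49,7 @@ customIssuer:
 validationIssuerUrl: VALIDATION_ISSUER_URL
 issuerUrl: ISSUER_URL
 allowedOrigins: ALLOWED_ORIGINS
+ignoreExpiration: IGNORE_EXPIRATION
 
 attester:
 enabled: true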
