feat(rest): Parse JWT exp claim from token in AuthProperties#600
Open
wgtmac wants to merge 3 commits intoapache:mainfrom
Open
feat(rest): Parse JWT exp claim from token in AuthProperties#600wgtmac wants to merge 3 commits intoapache:mainfrom
wgtmac wants to merge 3 commits intoapache:mainfrom
Conversation
Member
wgtmac
commented
Mar 24, 2026
wgtmac
commented
- Implement Base64UrlDecode in TransformUtil.
- Update AuthProperties::FromProperties to parse the JWT exp claim from the token and set expires_at_millis_.
- Add expires_at_millis() getter to AuthProperties.
- Add unit tests for Base64UrlDecode and JWT expiration parsing.
- Implement Base64UrlDecode in TransformUtil. - Update AuthProperties::FromProperties to parse the JWT exp claim from the token and set expires_at_millis_. - Add expires_at_millis() getter to AuthProperties. - Add unit tests for Base64UrlDecode and JWT expiration parsing. Co-authored-by: wgtmac <4684607+wgtmac@users.noreply.github.com>
- Implement robust Base64UrlDecode in TransformUtil using unsigned integers to avoid undefined behavior. - Update AuthProperties::FromProperties to parse the JWT exp claim from the token and set expires_at_millis_. - Add expires_at_millis() getter to AuthProperties. - Add unit tests for Base64UrlDecode and JWT expiration parsing, using standard matchers and explicit type casting for Windows/MSVC compatibility. Co-authored-by: wgtmac <4684607+wgtmac@users.noreply.github.com>
- Implement robust Base64UrlDecode in TransformUtil using unsigned integers to avoid undefined behavior. - Update AuthProperties::FromProperties to parse the JWT exp claim from the token and set expires_at_millis_. - Add expires_at_millis() getter to AuthProperties. - Add unit tests for Base64UrlDecode and JWT expiration parsing. - Improve HasValue matcher to support non-matcher arguments and fix MSVC template issues by using SafeMatcherCast and DescribeMatcher. Co-authored-by: wgtmac <4684607+wgtmac@users.noreply.github.com>
lishuxu
reviewed
Mar 24, 2026
| else if (c == '-' || c == '+') | ||
| v = 62; | ||
| else if (c == '_' || c == '/') | ||
| v = 63; |
Contributor
There was a problem hiding this comment.
Base64UrlDecode accepts + and / which are standard Base64 characters, not Base64Url. This means inputs that should be rejected are silently accepted, which contradicts the function name and the error message.
Base64Url spec only uses - (62) and _ (63). + and / should fall through to the invalid character check.
Suggested fix:
else if (c == '-')
v = 62;
else if (c == '_')
v = 63;
lishuxu
reviewed
Mar 24, 2026
| try { | ||
| auto payload_json = nlohmann::json::parse(payload_decoded.value()); | ||
| if (payload_json.contains("exp") && payload_json["exp"].is_number()) { | ||
| config.expires_at_millis_ = payload_json["exp"].get<int64_t>() * 1000; |
Contributor
There was a problem hiding this comment.
is_number() returns true for both integers and floats, but get<int64_t>()
throws nlohmann::json::type_error when the value is a float (e.g. "exp": 1735689600.0).
This exception is not caught by the parse_error handler, so it would propagate
unexpectedly.
lishuxu
reviewed
Mar 24, 2026
| // Parse JWT exp claim from token to set expires_at_millis_. | ||
| if (auto token = config.token(); !token.empty()) { | ||
| auto first_dot = token.find('.'); | ||
| auto last_dot = token.find('.', first_dot + 1); |
Contributor
There was a problem hiding this comment.
nit: last_dot is a bit misleading — it could imply rfind was used.
Since JWT has exactly three parts, second_dot is more precise.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.