Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(backend): Increase the default value for clock skew in verifyJwt from 2 to 5 seconds #1428

Merged
merged 2 commits into from
Jun 29, 2023
Merged

feat(backend): Increase the default value for clock skew in verifyJwt from 2 to 5 seconds #1428

merged 2 commits into from
Jun 29, 2023

Conversation

anagstef
Copy link
Member

Type of change

  • 🐛 Bug fix
  • 🌟 New feature
  • 🔨 Breaking change
  • 📖 Refactoring / dependency upgrade / documentation
  • other:

Packages affected

  • @clerk/clerk-js
  • @clerk/clerk-react
  • @clerk/nextjs
  • @clerk/remix
  • @clerk/types
  • @clerk/themes
  • @clerk/localizations
  • @clerk/clerk-expo
  • @clerk/backend
  • @clerk/clerk-sdk-node
  • @clerk/shared
  • @clerk/fastify
  • @clerk/chrome-extension
  • gatsby-plugin-clerk
  • build/tooling/chore

Description

  • npm test runs as expected.
  • npm run build runs as expected.

This change will make the verifyJwt function to be more tolerant by default to clock skew, increasing it from 2 seconds to 5 seconds.

@anagstef anagstef requested a review from dimkl June 28, 2023 11:48
@changeset-bot
Copy link

changeset-bot bot commented Jun 28, 2023
edited
Loading

🦋 Changeset detected

Latest commit: baabe13

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 6 packages
Name Type
@clerk/backend Patch
@clerk/fastify Patch
gatsby-plugin-clerk Patch
@clerk/nextjs Patch
@clerk/remix Patch
@clerk/clerk-sdk-node Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

jit-ci[bot]
jit-ci bot reviewed Jun 28, 2023
View reviewed changes
Copy link

@jit-ci jit-ci bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Great news! Jit hasn't found any security issues in your PR. Good Job! 🏆

panteliselef
panteliselef approved these changes Jun 28, 2023
View reviewed changes
Copy link
Member

@panteliselef panteliselef left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I went through the ticket, this looks 💯

@dimkl
Copy link
Contributor

dimkl commented Jun 28, 2023

❓ why is this a minor and not a patch version?

@nikosdouvlis
Copy link
Member

❓ why is this a minor and not a patch version?

This should be a patch version.

@nikosdouvlis nikosdouvlis merged commit 5957a3d into main Jun 29, 2023
@nikosdouvlis nikosdouvlis deleted the stefanos/js-427-authmiddleware-doesnt-handle-clock-skew-correctly-causing branch June 29, 2023 08:44
@clerk-cookie clerk-cookie mentioned this pull request Jun 29, 2023
Merged
@clerk-cookie
Copy link
Collaborator

This PR has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@clerk clerk locked as resolved and limited conversation to collaborators Jun 29, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@jit-ci jit-ci[bot] jit-ci[bot] left review comments

@panteliselef panteliselef panteliselef approved these changes

@dimkl dimkl dimkl approved these changes

@SokratisVidros SokratisVidros SokratisVidros approved these changes

@nikosdouvlis nikosdouvlis Awaiting requested review from nikosdouvlis

Assignees
No one assigned
Labels
backend
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@anagstef @dimkl @nikosdouvlis @clerk-cookie @SokratisVidros @panteliselef