Skip to content

test(l1): verify we reject invalid iat claims. #5245

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

test(l1): verify we reject invalid iat claims. #5245

wants to merge 8 commits into from

Conversation

@lakshya-sky
Copy link

@lakshya-sky lakshya-sky commented Nov 8, 2025
edited
Loading

Motivation

jsonwebtoken crate doesn't validate iat claims even if we explicitly ask it, hence we needed tests.

Description

Added unit tests to correctly reject invalid iat claims.

Closes #5074

@lakshya-sky lakshya-sky requested a review from a team as a code owner November 8, 2025 19:46
@lakshya-sky lakshya-sky changed the title tests to verify that out jwt authentication works correctly. tests to verify we reject invalid iat claims. Nov 8, 2025
@lakshya-sky lakshya-sky changed the title tests to verify we reject invalid iat claims. test: verify we reject invalid iat claims. Nov 9, 2025
@lakshya-sky lakshya-sky changed the title test: verify we reject invalid iat claims. test(l1): verify we reject invalid iat claims. Nov 9, 2025
@MegaRedHand MegaRedHand added the L1 Ethereum client label Nov 10, 2025
@MegaRedHand MegaRedHand moved this to In Review in ethrex_l1 Nov 10, 2025
mpaulucci
mpaulucci approved these changes Nov 10, 2025
View reviewed changes
Copy link
Collaborator

@mpaulucci mpaulucci left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Oppen
Copy link
Contributor

Oppen commented Nov 11, 2025

Are the tests running? They should fail, given the documented behavior of the library.

@lakshya-sky
Copy link
Author

lakshya-sky commented Nov 11, 2025
edited
Loading

Hey @Oppen, yes tests are running here at https://github.com/lambdaclass/ethrex/actions/runs/19242301387/job/55007724747?pr=5245#step:5:843

As you can see when deserialize the claims part of the token we expect iat claim, if its not there it would throw error. When iat is available and its value is not within 60s range then we throw error.
So its safe to assume that we are checking it correctly.

If the library were to check the iat claims it would do the same as we are doing it here.

@Oppen
Copy link
Contributor

Oppen commented Nov 13, 2025

Hey @Oppen, yes tests are running here at https://github.com/lambdaclass/ethrex/actions/runs/19242301387/job/55007724747?pr=5245#step:5:843

As you can see when deserialize the claims part of the token we expect iat claim, if its not there it would throw error. When iat is available and its value is not within 60s range then we throw error. So its safe to assume that we are checking it correctly.

If the library were to check the iat claims it would do the same as we are doing it here.

Yes, a teammate showed me it's being checked externally. Not obvious, but it works.

@mpaulucci mpaulucci enabled auto-merge November 13, 2025 18:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Oppen Oppen Oppen approved these changes

@mpaulucci mpaulucci mpaulucci approved these changes

Assignees

No one assigned

Labels

L1 Ethereum client

Projects

ethrex_l1
Status: In Review

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Test jwt claims are correctly validated

4 participants

@lakshya-sky @Oppen @mpaulucci @MegaRedHand