From 462a83456f385a9fa2183fb4aa81141f99c31cae Mon Sep 17 00:00:00 2001
From: Amaury Chamayou <amchamay@microsoft.com>
Date: Wed, 11 Jan 2023 18:22:28 +0000
Subject: [PATCH] Test impact of adding claims to JWT

---
 tests/infra/jwt_issuer.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/tests/infra/jwt_issuer.py b/tests/infra/jwt_issuer.py
index c8f11df42f62..22e1f511f296 100644
--- a/tests/infra/jwt_issuer.py
+++ b/tests/infra/jwt_issuer.py
@@ -184,7 +184,16 @@ def start_openid_server(self, port=0, kid=TEST_JWT_KID):
         return self.server
 
     def issue_jwt(self, kid=TEST_JWT_KID, claims=None):
-        return infra.crypto.create_jwt(claims or {}, self.key_priv_pem, kid)
+        claims = claims or {}
+        # JWT times format NumericDate, which is a JSON numeric value counting seconds sine the epoch
+        now = int(time.time())
+        if "nbf" not in claims:
+            # Insert default Not Before claim, valid from ~10 seconds ago
+            claims["nbf"] = now - 10
+        if "exp" not in claims:
+            # Insert default Expiration Time claim, valid for ~1hr
+            claims["exp"] = now + 3600
+        return infra.crypto.create_jwt(claims, self.key_priv_pem, kid)
 
     def wait_for_refresh(self, network, kid=TEST_JWT_KID):
         timeout = self.refresh_interval * 3