Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ConsentRequest should use time.Now().UTC() for ExpiresAt. #679

Closed
dimitertodorov opened this issue Dec 4, 2017 · 5 comments · Fixed by #775
Closed

ConsentRequest should use time.Now().UTC() for ExpiresAt. #679

dimitertodorov opened this issue Dec 4, 2017 · 5 comments · Fixed by #775
Assignees
@aeneasr
Labels
feat New feature or request. package/oauth2
Milestone
1.0.0-alpha.1

Comments

@dimitertodorov
Copy link

My consent requests appear to be expiring in the past.
The compare is happening here:

hydra/oauth2/consent_strategy.go

Lines 59 to 61 in df8e6eb

if time.Now().After(consent.ExpiresAt) {
return nil, errors.Errorf("Token expired")
}

I added some verbosity, and it looks like we are comparing times from different time zones.
Token expired 2017-12-04 17:01:25.2171648 -0500 EST m=+6.980766101 - 2017-12-04 17:11:22.363517 +0000 +0000"
Changing the following line to use UTC for ExpiresAt seems to fix the issue.
Before:

hydra/oauth2/consent_strategy.go

Line 114 in df8e6eb

ExpiresAt: time.Now().Add(s.DefaultChallengeLifespan),

after:

		ExpiresAt:        time.Now().UTC().Add(s.DefaultChallengeLifespan),
@aeneasr
Copy link
Member

aeneasr commented Dec 6, 2017

Does the JSON DateTime format not include time zones? I'd have to check what the convention is there, but if it's UTC then nice find! :)

@aeneasr
Copy link
Member

aeneasr commented Dec 7, 2017

Hm, the timezone should be appended, see: https://en.wikipedia.org/wiki/ISO_8601#Time_offsets_from_UTC

Any idea why that isn't happening?

@aeneasr
Copy link
Member

aeneasr commented Dec 7, 2017

So I checked this myself and it seems like UTC() should not be necessary:

package main

import (
	"encoding/json"
	"fmt"
	"time"
)

type TT struct {
	T time.Time
}

func main() {
	t, _ := time.Now().Zone()
	fmt.Printf("%s\n", t)

	out, _ := json.Marshal(&TT{T: time.Now()})
	fmt.Printf("%s\n", out)

	var tt TT
	_ = json.Unmarshal(out, &tt)
	fmt.Printf("%s", tt.T.Format(time.RFC3339))

	out, _ = json.Marshal(&TT{T: time.Now().UTC()})
	fmt.Printf("%s\n", out)

	_ = json.Unmarshal(out, &tt)
	fmt.Printf("%s", tt.T.Format(time.RFC3339))

	out, _ = json.Marshal(&TT{T: time.Now().Add(time.Hour)})
	fmt.Printf("%s\n", out)

	_ = json.Unmarshal(out, &tt)
	fmt.Printf("%s", tt.T.Format(time.RFC3339))
}

Output:

CET

{"T":"2017-12-07T22:30:59.6512843+01:00"}
2017-12-07T22:30:59+01:00

{"T":"2017-12-07T21:30:59.6517876Z"}
2017-12-07T21:30:59Z

{"T":"2017-12-07T23:30:59.652284+01:00"}
2017-12-07T23:30:59+01:00

As you can see, there does not seem to be any data loss when marshalling/unmarshalling.

Which database are you using? Maybe there's something funny going on there.

aeneasr pushed a commit that referenced this issue Dec 14, 2017
Forces use of UTC time everywhere
1dbc012 
Closes #679
@dimitertodorov
Copy link
Author

Did you actually fix consent_strategy.go?

That is the one that was giving me trouble.
Still not fixed on Master.

@aeneasr
Copy link
Member

aeneasr commented Dec 15, 2017

Looks like that one slipped through

@aeneasr aeneasr reopened this Dec 15, 2017
@aeneasr aeneasr mentioned this issue Jan 8, 2018
Closed
@aeneasr aeneasr added this to the 1.0.0-alpha1 milestone Jan 15, 2018
@aeneasr aeneasr self-assigned this Jan 15, 2018
@aeneasr aeneasr added feat New feature or request. package/oauth2 labels Jan 15, 2018
aeneasr pushed a commit that referenced this issue Feb 9, 2018
oauth2: Forces UTC in consent strategy
8705a9c 
This resolves an issue when different timezones are used between systems
by enforcing UTC everywhere.

Closes #679
@aeneasr aeneasr mentioned this issue Feb 9, 2018
Merged
aeneasr pushed a commit that referenced this issue Feb 9, 2018
@arekkas
oauth2: Forces UTC in consent strategy (#775)
7c4fd7d 
This resolves an issue when different timezones are used between systems
by enforcing UTC everywhere.

Closes #679
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aeneasr aeneasr

Labels
feat New feature or request. package/oauth2
Projects
None yet
Milestone
1.0.0-alpha.1
Development

Successfully merging a pull request may close this issue.

oauth2: Forces UTC in consent strategy ory/hydra
2 participants
@dimitertodorov @aeneasr