Add missing time in validation.

2019-03-11 11:12:47 -07:00 · 2019-03-11 11:12:47 -07:00 · dce3100cfb
commit dce3100cfb
parent fb279c89fb
2 changed files with 3 additions and 1 deletions
--- a/authority/provisioner/jwk.go
+++ b/authority/provisioner/jwk.go
@ -32,7 +32,7 @@ func (p *JWK) GetID() string {
 	return p.Name + ":" + p.Key.KeyID
 }

-// GetName returns the name of the provisioner
+// GetName returns the name of the provisioner.
 func (p *JWK) GetName() string {
 	return p.Name
 }
@ -80,6 +80,7 @@ func (p *JWK) Authorize(token string) ([]SignOption, error) {
 	// more than a few minutes.
 	if err = claims.ValidateWithLeeway(jose.Expected{
 		Issuer: p.Name,
+		Time:   time.Now().UTC(),
 	}, time.Minute); err != nil {
 		return nil, errors.Wrapf(err, "invalid token")
 	}
--- a/authority/provisioner/oidc.go
+++ b/authority/provisioner/oidc.go
@ -111,6 +111,7 @@ func (o *OIDC) ValidatePayload(p openIDPayload) error {
 	if err := p.ValidateWithLeeway(jose.Expected{
 		Issuer:   o.configuration.Issuer,
 		Audience: jose.Audience{o.ClientID},
+		Time:     time.Now().UTC(),
 	}, time.Minute); err != nil {
 		return errors.Wrap(err, "failed to validate payload")
 	}