fix: don't report error that token used before issued

h/t dgrijalva/jwt-go#314 (comment) Signed-off-by: Manfred Touron <[email protected]>
pathwar · Sep 10, 2021 · b97d322 · b97d322
1 parent a21a948
commit b97d322
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/go/pkg/pwsso/token.go b/go/pkg/pwsso/token.go
@@ -40,7 +40,11 @@ func TokenWithClaims(bearer string, pubkey interface{}, allowUnsafe bool) (*jwt.
 			}
 			return token, claims, nil
 		}
-		return nil, nil, errcode.ErrSSOInvalidBearer.Wrap(err)
+
+		e, ok := err.(*jwt.ValidationError)
+		if !ok || (ok && e.Errors&jwt.ValidationErrorIssuedAt == 0) { // don't report error that token used before issued.
+			return nil, nil, errcode.ErrSSOInvalidBearer.Wrap(err)
+		}
 	}
 	return token, claims, nil
 }