privacybydesign/irmago

resultJwt has exp = iat (immediately expired) if no explicit validity is passed in disclosure request

Closed this issue · 1 comments

When I create a disclosure session jwt request and send it to the IRMA server using irmajs, after the disclosure happens and the resultJwt is retrieved, the exp field in the jwt is equal to the iat field, making the jwt expired as soon as it is issued.

If I add validity to the sprequest it adds it to the iat and it works as intended.

Example

Request JWT:

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzcHJlcXVlc3QiOnsicmVxdWVzdCI6eyJAY29udGV4dCI6Imh0dHBzOi8vaXJtYS5hcHAvbGQvcmVxdWVzdC9kaXNjbG9zdXJlL3YyIiwiZGlzY2xvc2UiOltbWyJpcm1hLWRlbW8uTWlqbk92ZXJoZWlkLmFnZUxvd2VyLm92ZXIxOCJdXV19fSwiaWF0IjoxNTgyMjc5ODE3LCJpc3MiOiJzc2ktc2VydmljZS1wcm92aWRlciIsInN1YiI6InZlcmlmaWNhdGlvbl9yZXF1ZXN0In0.K_tW_BWzTdVLg4hebmua8GFX64Qwbt_YrYif-rrZLUa3sgVbiuagEhjkqJLWNOm6wVfd056zi6dXm9WRcc6UrL3RgVizJFayVINB6o8dft_CFr7e1ffSU8W4PcukCSiVddWqtKdX8P1OqcMq2e9atyUt2KeWwndMM65eXxtST4ommGZBaiHGcIPM5uFZf9fGFnmxK11gKXE8mKoi0bX8UN-jHhG0pI6qYkATrzv1YwhOLwqz9hcMVMOnxLiQB0u1CJJ6g4nmfwBvTg-Sl59w3TJWUtz48nTJpnGyzeUdDu819hayydPDD0YV2brjmtNtWmJCQNvfwvwLiBUn2WeU2y8EuQknfif0Ol8TDu05QUlf1edULdJr3m6L-MRqIHN24CJaUSevVH50nFAp-FQUISr1GDzbl8uoUw2-s0vg4bdG8YFAJnDvKLs3R687skmA-t2C6QABQDdYxEta8_9TPuRrs9YFrQbX-ddg4bsQPW3vHmxHrM4JMKswPHc9cfHqoOw4llT2PXBkuusDQf5Cg7tKk084GKalX1fTVEb3WlWs9C1l_HVh7bx66nC23kVlDelwy8hyiIw88VM8oBFefm_LEod6DV3I8ZMjgCZh0Dzhhp0MxdntoESvOWMoHlc0_a-i7ixpurWxqiZv1k7jorkFsgBxS2ah9XxUX6Unvcc

Request JWT payload:

{
  "sprequest": {
    "request": {
      "@context": "https://irma.app/ld/request/disclosure/v2",
      "disclose": [
        [
          [
            "irma-demo.MijnOverheid.ageLower.over18"
          ]
        ]
      ]
    }
  },
  "iat": 1582279817,
  "iss": "ssi-service-provider",
  "sub": "verification_request"
}

Result JWT:

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1ODIyNzg1NzAsImlhdCI6MTU4MjI3ODU3MCwiaXNzIjoiaXJtYXNlcnZlciIsInN1YiI6ImRpc2Nsb3NpbmdfcmVzdWx0IiwidG9rZW4iOiJpVEFOQlhjcUxlZVNnV0xiRlQ2YSIsInN0YXR1cyI6IkRPTkUiLCJ0eXBlIjoiZGlzY2xvc2luZyIsInByb29mU3RhdHVzIjoiVkFMSUQiLCJkaXNjbG9zZWQiOltbeyJyYXd2YWx1ZSI6InllcyIsInZhbHVlIjp7IiI6InllcyIsImVuIjoieWVzIiwibmwiOiJ5ZXMifSwiaWQiOiJpcm1hLWRlbW8uTWlqbk92ZXJoZWlkLmFnZUxvd2VyLm92ZXIxOCIsInN0YXR1cyI6IlBSRVNFTlQiLCJpc3N1YW5jZXRpbWUiOjE1ODA5NDcyMDB9XV19.fAAErAwKkrXD8B9lLv-00FlG_VFAtSp5RgF3KYAo9b9hlWp7O3dmgK2eYTcoFs5EZa4ib6gfD4ADmIdrPQJxkE_vr2PwqLyGPfePc6oiOPFft4hhiMLlldbZV4q-btksHZadznCS3n2ibP2kqT8bR3ehbwXXOmCtc3-8_SDzb1LHpSr-9Ns44OBF7NDnfCMlvkYXckF28QtxYONwQaaGU_Ge795s0OuepgJgGljVtiKtWGe6odrA0Y1FuTzB_xn21IXznembBn-BlNhhRKaiWDjDbDTHibz5Euorz9m9Naqik55lz-Wb5b7sgwN1abNFzs9zzYrGEO-iePh1tDmyH8ORO8n9snZZZSclkGcHij6F8eChzmZEtj4-a9Onxz_FalY834rY0T5_m6EGypyrfLnha9zcpbmuib_tCTNyDWs4ztXlt4MpsBcD8ED0ERsd6OYzo7_TdK-MAhFW6wyDHd6-Xk90wG-xKmCB0gM4qOwIMncX0Zpra1NJFIHzQx8PAYLTR3FWTUvNQhMAM5Fsgjf88vi9kbJakz1mpArX8oqbDugiBv_00M1KCd5E4JPM4JjRnYwc4T7o75En7e_5Q4MdC9zHpodDCBskHMlqV3X3J32amA9oCKtVC0G_M93VqhLuJzX_y4g2qjg0YelySic4XCNmnuz4jJpih232R4E

Result JWT payload:

{
  "exp": 1582278570,
  "iat": 1582278570,
  "iss": "irmaserver",
  "sub": "disclosing_result",
  "token": "iTANBXcqLeeSgWLbFT6a",
  "status": "DONE",
  "type": "disclosing",
  "proofStatus": "VALID",
  "disclosed": [
    [
      {
        "rawvalue": "yes",
        "value": {
          "": "yes",
          "en": "yes",
          "nl": "yes"
        },
        "id": "irma-demo.MijnOverheid.ageLower.over18",
        "status": "PRESENT",
        "issuancetime": 1580947200
      }
    ]
  ]
}

Environment

  • Latest debian docker image
  • $ irma version
    IRMA toolkit v0.4.1
    Documentation: https://irma.app/docs
    
    Version:  0.4.1
    OS/Arg:   linux/amd64
  • production mode
  • jwt priv key set
  • requestors set with public key authmethod

Thanks for the report! Sorry for getting back so very late, but this has now been fixed in master. The fix will be included in the next release.
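
A relying-party diagnostic for the symptom reported in this issue, added here as an example and not taken from irmago or from either participant: it decodes a JWT's payload and flags tokens whose `exp` is not later than `iat`. The names `Lifetime`, `ErrNoLifetime` and `sample` are hypothetical, the token is constructed from the `exp`/`iat` values in the report, and the signature is deliberately not verified.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// ErrNoLifetime marks a token that is already expired at its own issue time.
var ErrNoLifetime = errors.New("jwt exp is not after iat")

// Lifetime returns exp-iat in seconds for a compact JWT. It does NOT verify
// the signature: use it to diagnose tokens, never to accept them.
func Lifetime(token string) (int64, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return 0, errors.New("not a compact JWS: want 3 segments")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return 0, fmt.Errorf("payload base64url: %w", err)
	}
	var c struct {
		Exp *int64 `json:"exp"` // pointers distinguish "absent" from 0
		Iat *int64 `json:"iat"`
	}
	if err := json.Unmarshal(raw, &c); err != nil {
		return 0, fmt.Errorf("payload json: %w", err)
	}
	if c.Exp == nil || c.Iat == nil {
		return 0, errors.New("exp or iat claim missing")
	}
	if *c.Exp <= *c.Iat {
		return *c.Exp - *c.Iat, ErrNoLifetime
	}
	return *c.Exp - *c.Iat, nil
}

// sample wraps claims JSON in a constructed, unsigned token for the demo.
func sample(payload string) string {
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(`{"typ":"JWT"}`)) + "." + enc([]byte(payload)) + ".placeholder"
}

func main() {
	fmt.Println(Lifetime(sample(`{"exp":1582278570,"iat":1582278570}`)))
}
```
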