f34d5aaadb1a06d77193bf274078fce47020a39c,rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/jwt/JwtAccessTokenUtils.java,JwtAccessTokenUtils,toAccessToken,#JwtToken#Client#String#,67

Before Change


    private static ServerAccessToken toAccessToken(JwtToken jwt, 
                                                   Client client,
                                                   String tokenId) {
        Long issuedAt = jwt.getClaims().getIssuedAt();
        Long notBefore = jwt.getClaims().getNotBefore();
        if (issuedAt == null) {
            issuedAt = System.currentTimeMillis();
            notBefore = null;

After Change


    private static ServerAccessToken toAccessToken(JwtToken jwt, 
                                                   Client client,
                                                   String tokenId) {
        JwtClaims claims = jwt.getClaims();
        validateJwtSubjectAndAudience(claims, client);
        Long issuedAt = claims.getIssuedAt();
        Long notBefore = claims.getNotBefore();