8654f83ed145f3be4dabd19205491b7ec5e31a64,rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java,AbstractTokenValidator,validateJwtClaims,#JwtClaims#String#boolean#,43
Before Change
// If we have no expiry then we must have an issued at
boolean issuedAtRequired = claims.getExpiryTime() == null;
if (issuedAtRequired) {
JwtUtils.validateJwtTTL(claims, ttl, issuedAtRequired);
}
}
}
After Change
// Otherwise: validate only if issuedAt claim is set
boolean issuedAtRequired =
validateClaimsAlways || strictTimeValidation && claims.getExpiryTime() == null;
JwtUtils.validateJwtIssuedAt(claims, clockOffset, issuedAtRequired);
if (strictTimeValidation) {
JwtUtils.validateJwtNotBefore(claims, clockOffset, strictTimeValidation);