8654f83ed145f3be4dabd19205491b7ec5e31a64,rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java,AbstractTokenValidator,validateJwtClaims,#JwtClaims#String#boolean#,43

Before Change


            
            // If we have no expiry then we must have an issued at
            boolean issuedAtRequired = claims.getExpiryTime() == null;
            if (issuedAtRequired) {
                JwtUtils.validateJwtTTL(claims, ttl, issuedAtRequired);
            }
        }
    }

After Change


            // Otherwise: validate only if issuedAt claim is set
            boolean issuedAtRequired = 
                validateClaimsAlways || strictTimeValidation && claims.getExpiryTime() == null;
            JwtUtils.validateJwtIssuedAt(claims, clockOffset, issuedAtRequired);
            
            if (strictTimeValidation) {
                JwtUtils.validateJwtNotBefore(claims, clockOffset, strictTimeValidation);