• Hello!

    I’m working on integrating this plugin to connect with third-party services using OIDC, and we’re discovering that the token issue and expiration dates are being returned based on the WordPress application timezone. The third-party service in this case is using UTC for its base time, so access tokens, refresh tokens, and id tokens are coming back expired as soon as they’re issued.

    I dug through the code a little bit and found the wo_jwt_token filter that allowed me to convert those timestamps to UTC in the response (but keep them the same in the local database), but it doesn’t appear that there’s a similar filter for refresh tokens or id tokens. WPOAuth2\ResponseType\JwtAccessToken::createAccessToken also sets the expiration time for the refresh token on line 107 of the class file before passing it to the Storage object, but that expiration data is not wrapped in a filter.

    Similarly, WPOAuth2\OpenID\ResponseType\IdToken::createIdToken sets times for iat and exp using the WordPress current time, and those values are not filtered.

    Would it be possible to develop a solution to this? Some options would be:
    – Wrapping the expiration for the token expiration in a filter so that the return timestamp can be modified as it is with the wo_jwt_token filter.
    – Creating a setting on a per-client basis that allows administrators to select the correct timezone for clients, with UTC as the default since it’s likely that’s the basis for most implementations.
    – Some other approach I’m not considering?

    In the meantime, please let me know if there exists another way to change this value that I’m not seeing, and/or proposed solutions to this problem.

    Thank you for developing this wonderful plugin!

    • This topic was modified 3 years, 4 months ago by Jeremy Ward.
  • Thread Starter Jeremy Ward

    (@jmichaelward)

    Good morning! I’m following up on this issue to see whether you have some advice/suggestions for how to approach the timezone issue with regard to expiration times in tokens. Thanks!

    Thread Starter Jeremy Ward

    (@jmichaelward)

    Hi @justingreerbbi,

    I’m responding once more in the hopes that I can get a response. Since we need to move forward with our integration, I’ve modified the plugin code directly to continue with our testing, knowing that of course we’ll lose these changes should we ever upgrade the plugin in the future. Toward that end, I’m wondering whether we could collaborate on an approach that would meet our third-party needs while also enhancing the plugin itself.

    As I mentioned before, I’m filtering wo_jwt_token to convert the iat and exp values of the access_token into UTC. Since I need the same values converted in the id_token, I’ve updated line 54 of library/WPOAuth2/OpenID/ResponseType/IdToken.php to be wrapped in the same filter.

    Would you be able to include this change in your next release so that those values can be filtered, as well, and I won’t have to worry about changing our integration when we update? Alternately, if you have different suggestions for ways to approach this issue, I’d welcome them. A better approach might be to pass a filtered timezone to each call to WordPress’s current_time so that we get the token back in the desired timezone, passing 0 as the default to avoid breaking previous integrations.

    I appreciate any attention you can give to this matter, but I understand if you’re unable to provide additional support.

    Thanks!

    • This reply was modified 3 years, 3 months ago by Jeremy Ward.
  • The topic ‘Ability to return UTC times in token responses?’ is closed to new replies.
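
The wo_jwt_token workaround described in this thread could look like the following. This is an added example, not code from the thread or from the plugin: it assumes the filter passes the JWT payload as an array with integer iat and exp keys built from current_time( 'timestamp' ), and the example_ function names are hypothetical.

```php
<?php
// Added example, not the plugin's code. Assumption: the wo_jwt_token filter
// passes the JWT payload as an array whose 'iat' and 'exp' claims were built
// from current_time( 'timestamp' ), i.e. Unix time plus the site's UTC offset.

/**
 * Shift a WordPress "local timestamp" back to a real Unix (UTC) timestamp.
 * gmt_offset is stored in hours and may be fractional (for example 5.5).
 */
function example_local_ts_to_utc( $local_ts ) {
	$offset = (int) round( (float) get_option( 'gmt_offset', 0 ) * HOUR_IN_SECONDS );
	return (int) $local_ts - $offset;
}

/**
 * Rewrite iat/exp so a relying party that validates against UTC sees the
 * intended lifetime. A negative site offset otherwise yields tokens that look
 * expired on arrival; a positive one yields tokens that outlive their lifetime.
 */
function example_jwt_claims_to_utc( $payload ) {
	if ( ! is_array( $payload ) || ! isset( $payload['iat'] ) || ! is_numeric( $payload['iat'] ) ) {
		return $payload; // Unexpected shape: leave the token untouched.
	}

	// time() is always UTC. If iat already matches it (within 60 seconds of
	// skew), the timestamps are already UTC, so do not shift a second time.
	// This keeps the filter safe if the plugin later switches to UTC itself.
	if ( abs( (int) $payload['iat'] - time() ) <= MINUTE_IN_SECONDS ) {
		return $payload;
	}

	foreach ( array( 'iat', 'exp' ) as $claim ) {
		if ( isset( $payload[ $claim ] ) && is_numeric( $payload[ $claim ] ) ) {
			$payload[ $claim ] = example_local_ts_to_utc( $payload[ $claim ] );
		}
	}

	// After conversion iat should sit close to time(); log if it does not.
	if ( abs( $payload['iat'] - time() ) > 5 * MINUTE_IN_SECONDS ) {
		error_log( 'example: JWT iat still differs from UTC by more than 5 minutes' );
	}

	return $payload;
}
add_filter( 'wo_jwt_token', 'example_jwt_claims_to_utc' );
```

As the thread notes, this only covers what passes through wo_jwt_token; the refresh token expiration and the id_token claims are set elsewhere and are not reached by this filter.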