id_token validity not correctly evaluated
Hi,
id_token validity not correctly evaluated:
in Portal/Lib/OpenIDConnect.pm
before:
sub checkIDTokenValidity {
    [...]
    my $auth_time = $id_token->{auth_time};
    if ($max_age) {
        unless ($auth_time) {
            $self->logger->error("Auth time was not returned by OP $op");
            return 0;
        }
        # Inverted test: this is true for every token whose auth_time + max_age
        # has NOT yet passed, so fresh tokens are rejected and stale ones pass
        if ( $auth_time + $max_age > time ) {
after:
sub checkIDTokenValidity {
    [...]
    my $auth_time = $id_token->{auth_time};
    if ($max_age) {
        unless ($auth_time) {
            $self->logger->error("Auth time was not returned by OP $op");
            return 0;
        }
        # Error case: the authentication is older than max_age allows
        if ( time > $auth_time + $max_age ) {
Explanation: the current time should be before max_time (max_time = $auth_time + $max_age). The test above is the error case, so we should test the contrary.
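To make the inversion concrete, here is the max_age / auth_time check rewritten in Python as an added example (not LemonLDAP::NG code; the Perl is only reimplemented so both comparisons can be run side by side). The function and variable names, the token dictionary layout and the sample timestamps are constructed for this example. The corrected rule follows OpenID Connect Core 1.0 section 3.1.3.7: when max_age was sent in the authentication request, auth_time must be present and the token is rejected once auth_time + max_age has passed.

```python
"""Worked example of the OpenID Connect max_age / auth_time freshness check.

Added example, not code from the project: the Perl snippets in the report are
reimplemented in Python so the buggy and fixed comparisons can be exercised
side by side.  Names, the token dict layout and all sample values are constructed.
"""
import logging
import time
from typing import Optional

log = logging.getLogger("oidc")


def auth_time_fresh(id_token: dict, max_age: Optional[int], now: Optional[int] = None) -> bool:
    """Return True when the ID Token satisfies the max_age constraint.

    Mirrors the structure of the fixed Perl: no max_age means nothing to check,
    a missing auth_time is an error, and the token is rejected only when the
    current time is past auth_time + max_age.
    """
    if now is None:
        now = int(time.time())
    if not max_age:                       # Perl's `if ($max_age)`: 0/undef skip the check
        return True
    auth_time = id_token.get("auth_time")
    if auth_time is None:
        log.error("Auth time was not returned by OP")
        return False
    if now > auth_time + max_age:         # the corrected test from the report
        log.error("Authentication too old: now > auth_time + max_age")
        return False
    return True


def auth_time_fresh_buggy(id_token: dict, max_age: Optional[int], now: int) -> bool:
    """The 'before' comparison, kept only to show what it gets wrong."""
    if not max_age:
        return True
    auth_time = id_token.get("auth_time")
    if auth_time is None:
        return False
    if auth_time + max_age > now:         # inverted: true for every token that is still fresh
        return False
    return True


def demo() -> dict:
    """Constructed scenario: max_age=300 s, one token authenticated 60 s ago, one 600 s ago."""
    now = 1_700_000_000                               # fixed clock so results are reproducible
    fresh = {"sub": "alice", "auth_time": now - 60}
    stale = {"sub": "alice", "auth_time": now - 600}
    missing = {"sub": "alice"}                         # OP ignored max_age and omitted auth_time
    return {
        "fixed_fresh": auth_time_fresh(fresh, 300, now),          # True
        "fixed_stale": auth_time_fresh(stale, 300, now),          # False
        "fixed_missing": auth_time_fresh(missing, 300, now),      # False
        "fixed_no_max_age": auth_time_fresh(missing, None, now),  # True
        "buggy_fresh": auth_time_fresh_buggy(fresh, 300, now),    # False: fresh token rejected
        "buggy_stale": auth_time_fresh_buggy(stale, 300, now),    # True: stale token accepted
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The boundary case now == auth_time + max_age is accepted by both the fixed Perl and this Python, since the test is a strict greater-than; a deployment that wants a clock-skew allowance would subtract it from `now` before the comparison rather than loosen the inequality.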