increase jwt auth max time drift to 60 seconds

per engine api spec v1.0.0.beta.3
2023-08-07 18:10:55 +07:00 · 2023-08-07 18:10:55 +07:00 · 7514cfc63f
parent 71c91e2280
commit 7514cfc63f
2 changed files with 4 additions and 4 deletions
--- a/hive_integration/nodocker/engine/auths_tests.nim
+++ b/hive_integration/nodocker/engine/auths_tests.nim
@ -10,7 +10,7 @@ import
 # JWT Authentication Related
 const
  defaultJwtTokenSecretBytes = "secretsecretsecretsecretsecretse"
-  maxTimeDriftSeconds        = 5'i64
+  maxTimeDriftSeconds        = 60'i64
  defaultProtectedHeader     = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9"

 proc base64urlEncode(x: auto): string =
--- a/nimbus/rpc/jwt_auth.nim
+++ b/nimbus/rpc/jwt_auth.nim
@ -138,15 +138,15 @@ proc verifyTokenHS256(token: string; key: JwtSharedKey): Result[void,JwtError] =
    raiseAssert "Ooops verifyTokenHS256(): name=" & $e.name & " msg=" & e.msg

  # github.com/ethereum/
-  #  /execution-apis/blob/v1.0.0-alpha.8/src/engine/authentication.md#jwt-claims
+  #  /execution-apis/blob/v1.0.0-beta.3/src/engine/authentication.md#jwt-claims
  #
  # "Required: iat (issued-at) claim. The EL SHOULD only accept iat timestamps
-  #  which are within +-5 seconds from the current time."
+  #  which are within +-60 seconds from the current time."
  #
  # https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.6 describes iat
  # claims.
  let delta = getTime().toUnix - time
-  if delta < -5 or 5 < delta:
+  if delta < -60 or 60 < delta:
    debug "Iat timestamp problem, accepted |delta| <= 5",
      delta
    return err(jwtTimeValidationError)