sendnrw/netbird
2
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2026-04-18 16:26:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

[client] Fix SSH JWT auth failure with Azure Entra ID iat backdating (#5471)

Browse Source 
Increase DefaultJWTMaxTokenAge from 5 to 10 minutes to accommodate
identity providers like Azure Entra ID that backdate the iat claim
by up to 5 minutes, causing tokens to be immediately rejected.

Fixes #5449

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hbzhost
2026-03-04 06:11:14 -07:00
committed by GitHub
parent b3bbc0e5c6
commit cfc7ec8bb9
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
client/ssh/server/server.go
View File

@@ -46,8 +46,10 @@ const (
cmdSFTP = "<sftp>" cmdSFTP = "<sftp>"
cmdNonInteractive = "<idle>" cmdNonInteractive = "<idle>"
// DefaultJWTMaxTokenAge is the default maximum age for JWT tokens accepted by the SSH server // DefaultJWTMaxTokenAge is the default maximum age for JWT tokens accepted by the SSH server.
DefaultJWTMaxTokenAge = 5 * 60 // Set to 10 minutes to accommodate identity providers like Azure Entra ID
// that backdate the iat claim by up to 5 minutes.
DefaultJWTMaxTokenAge = 10 * 60
) )
var ( var (