Bug in ADFS. OAuth access token can be requested in UTC time zone only

Monday, September 9, 2013

My friend Assaf Israel showed me a bug in the new ADFS version in Windows Server 2012 Preview. When calling the ADFS endpoint /oauth/authorize to get an authorization token, the server calls the method BeginAdd in the class Microsoft.IdentityServer.Server.ArtifactResolutionService.ArtifactService to create an artifact with an authorization token and store it in the database. The server sets the expiration date to UTC time + 5 min:

    // If the caller left Expire unset, default it to the current UTC time plus the configured lifetime.
    if (DateTime.Compare(artifact.Expire, DateTime.MinValue) == 0)
        artifact.Expire = DateTime.UtcNow.AddSeconds((double)artifactService.LifetimeInSeconds);

When calling /oauth/authorize to get an...
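The following is an added illustration, not ADFS code and not from the original post: it shows how an expiry stored with DateTime.UtcNow behaves when a later check reads a local clock instead. The local-clock check is an assumption (the text above is cut off before it describes the validation side), and the names ArtifactExpiryDemo, Issue, IsExpiredLocal and IsExpiredUtc, the sample instant and the offsets are constructed for the example.

```csharp
using System;

// Added illustration, not ADFS code. All names here are hypothetical.
static class ArtifactExpiryDemo
{
    const int LifetimeInSeconds = 300; // 5 minutes, as described on the page

    // Store side, as on the page: expiry = current UTC time + lifetime.
    static DateTime Issue(DateTime utcNow) => utcNow.AddSeconds(LifetimeInSeconds);

    // ASSUMED faulty check: compares the UTC expiry with a local wall-clock reading.
    // DateTime.Compare ignores DateTimeKind and compares raw ticks only.
    static bool IsExpiredLocal(DateTime expire, DateTime utcNow, TimeSpan zoneOffset)
    {
        // Simulate DateTime.Now on a server whose zone is UTC + zoneOffset.
        DateTime localNow = DateTime.SpecifyKind(utcNow + zoneOffset, DateTimeKind.Local);
        return DateTime.Compare(localNow, expire) > 0;
    }

    // Consistent check: both operands are UTC.
    static bool IsExpiredUtc(DateTime expire, DateTime utcNow) =>
        DateTime.Compare(utcNow, expire) > 0;

    static void Main()
    {
        // Constructed sample instant.
        var issuedAt = new DateTime(2013, 9, 9, 12, 0, 0, DateTimeKind.Utc);
        DateTime expire = Issue(issuedAt);
        DateTime redeemAt = issuedAt.AddSeconds(10); // client redeems 10 seconds later

        foreach (var offset in new[] { TimeSpan.Zero, TimeSpan.FromHours(3), TimeSpan.FromHours(-5) })
        {
            Console.WriteLine("server UTC{0:+0;-0}: local-clock check expired={1}, UTC check expired={2}",
                offset.TotalHours,
                IsExpiredLocal(expire, redeemAt, offset),
                IsExpiredUtc(expire, redeemAt));
        }

        // West of UTC the mismatch goes the other way: the artifact outlives its lifetime.
        DateTime late = issuedAt.AddHours(1);
        Console.WriteLine("server UTC-5, 1 h after issue: local-clock check expired={0}, UTC check expired={1}",
            IsExpiredLocal(expire, late, TimeSpan.FromHours(-5)),
            IsExpiredUtc(expire, late));
    }
}
```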