kratos
kratos copied to clipboard
ory
Date format for different routes returns different result.
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [ ] This issue affects my Ory Cloud project.
- [X] I have joined the Ory Community Slack.
- [ ] I am signed up to the Ory Security Patch Newsletter.
Describe the bug
Hello Ory Team, I was looking for documentation what is the correct date format that Ory uses. It looks like it's using the ISO8601 RFC3339 according to the documentation. But for some reason the format that I was getting for the route {{baseUrl}}/self-service/login/api is returning a date in this format which is not considered part of RFC3339 yyyy-MM-dd'T'HH:mm:ss.SSSSSSSSSXXX. The milliseconds are usually 3 digits only and not 9.
"expires_at": "2022-07-29T20:36:56.118454172Z", "issued_at": "2022-07-29T20:26:56.118454172Z",
However, other routes are returning in the correct format such as this route {{baseUrl}}/self-service/login?flow={{login_flow_id}} which returns the format 'yyyy-MM-dd'T'HH:mm:ssXXX' which is a valid date format. It doesn't return the milliseconds though.
"expires_at": "2022-07-29T20:36:56Z", "issued_at": "2022-07-29T20:26:56Z",
The issue here is can we have only one proper date formatter that gets returned in the entire application to avoid multiple decoders for the given date formats? Thank you. Unfortunately I am using swift and swift is strict to this type of cases.
Reproducing the bug
Version 0.10.1
Step 1. Make a request for Initialize Login Flow for API that returns 200. The model being returned is the SelfServiceLoginFlow. Step 2. Check all dates such as created_at, updated_at, expired_at is returning a wrong format.
Relevant log output
{
"id": "6631bf9c-3c67-4d5d-98e4-1e4e462c57a2",
"type": "api",
"expires_at": "2022-07-29T20:36:56.118454172Z",
"issued_at": "2022-07-29T20:26:56.118454172Z",
"request_url": "http://localhost/self-service/login/api?refresh=true",
"ui": {
"action": "http://localhost/self-service/login?flow=6631bf9c-3c67-4d5d-98e4-1e4e462c57a2",
"method": "POST",
"nodes": [
{
"type": "input",
"group": "default",
"attributes": {
"name": "csrf_token",
"type": "hidden",
"value": "",
"required": true,
"disabled": false,
"node_type": "input"
},
"messages": [],
"meta": {}
},
{
"type": "input",
"group": "default",
"attributes": {
"name": "identifier",
"type": "hidden",
"value": "jcbriones",
"disabled": false,
"node_type": "input"
},
"messages": [],
"meta": {}
},
{
"type": "input",
"group": "password",
"attributes": {
"name": "password",
"type": "password",
"required": true,
"disabled": false,
"node_type": "input"
},
"messages": [],
"meta": {
"label": {
"id": 1070001,
"text": "Password",
"type": "info"
}
}
},
{
"type": "input",
"group": "password",
"attributes": {
"name": "method",
"type": "submit",
"value": "password",
"disabled": false,
"node_type": "input"
},
"messages": [],
"meta": {
"label": {
"id": 1010001,
"text": "Sign in",
"type": "info",
"context": {}
}
}
}
],
"messages": [
{
"id": 1010003,
"text": "Please confirm this action by verifying that it is you.",
"type": "info",
"context": {}
}
]
},
"created_at": "2022-07-29T20:26:56.171535Z",
"updated_at": "2022-07-29T20:26:56.171535Z",
"refresh": true,
"requested_aal": "aal1"
}
Relevant configuration
No response
Version
0.10.1
On which operating system are you observing this issue?
macOS
In which environment are you deploying?
Docker
Additional Context
No response
Hey, we use the normal Go json encoder - please see: https://pkg.go.dev/time#Time.MarshalJSON
Looks like it's stripping nanoseconds if the time is exact. I don't think there are workarounds we can do to resolve this easily :/
Can we just remove nanoseconds in this case? It's still a valid RFC without the nanoseconds. Maximum nanoseconds supported is either none or 2 decimal places from what I know.
Since we use the default Go formatter, there is currently no easy resolution to this. Closing as a wontfix.