gh-153

README.MD

@@ -2,7 +2,7 @@ You can now **test your OAuth2 / OpenID knowledge with a dedicated quiz** availa
 
 7.x is a break through in usability: all 6 `spring-addons` Boot starters are merged into a single one: [`com.c4-soft.springaddons:spring-addons-starter-oidc`](https://repo1.maven.org/maven2/com/c4-soft/springaddons/spring-addons-starter-oidc/), and so are 4 of the test libs: [`com.c4-soft.springaddons:spring-addons-starter-oidc-test`](https://repo1.maven.org/maven2/com/c4-soft/springaddons/spring-addons-starter-oidc-test/). To use the test annotations without the starter, the dependency is unchanged: [`com.c4-soft.springaddons:spring-addons-oauth2-test`](https://repo1.maven.org/maven2/com/c4-soft/springaddons/spring-addons-oauth2-test/).
 
-Please follow the [migration guide](https://github.com/ch4mpy/spring-addons/blob/master/7.0.0-migration-guide.md) to move from `6.x` to `7.1.12`. There is no urge to do so on existing projects as 6.2.x patches should be published untill the end of 2023.
+Please follow the [migration guide](https://github.com/ch4mpy/spring-addons/blob/master/7.0.0-migration-guide.md) to move from `6.x` to `7.1.1`. There is no urge to do so on existing projects as 6.2.x patches should be published untill the end of 2023.
 
 All samples and tutorials sources are migrated to latest starter and test annotations, but some READMEs might still need a refresh. Please make sure you refer to source code for up to date configuration.
 
@@ -426,7 +426,7 @@ This starters are designed to push auto-configuration one step further. In most
 I could forget to update README before releasing, so please refer to [maven central](https://repo1.maven.org/maven2/com/c4-soft/springaddons/spring-addons/) to pick latest available release
 ```xml
     <properties>
-        <springaddons.version>7.1.12</springaddons.version>
+        <springaddons.version>7.1.1</springaddons.version>
     </properties>
     <dependencies>
 
@@ -462,6 +462,9 @@ I could forget to update README before releasing, so please refer to [maven cent
 
 ### 5.1. <a name="release-notes-7"/>`7.x` Branch
 
+#### `7.1.13`
+- [gh-153](https://github.com/ch4mpy/spring-addons/issues/153) have the default opaque tokens introspector accept `Integer`, `Long`, `Instant` and `Date` as value type for `iat` and `exp` claims
+
 #### `7.1.12`
 - Spring boot `3.1.5` as transient dependency
 - [gh-151](https://github.com/ch4mpy/spring-addons/issues/151) scan application context for `authenticationEntryPoint` and `accessDeniedHandler` to auto-configure resource servers (default returns `401` for unauthorized requests instead of `302 redirect to login`).

spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/SpringAddonsOidcBeans.java

@@ -1,5 +1,6 @@
 package com.c4_soft.springaddons.security.oidc.starter.synchronised;
 
+import java.sql.Date;
 import java.time.Instant;
 import java.util.Collection;
 import java.util.HashSet;
@@ -98,6 +99,8 @@ OpaqueTokenAuthenticationConverter introspectionAuthenticationConverter(
 			SpringAddonsOidcProperties addonsProperties,
 			OAuth2ResourceServerProperties resourceServerProperties) {
 		return (String introspectedToken, OAuth2AuthenticatedPrincipal authenticatedPrincipal) -> {
+			final var iatClaim = authenticatedPrincipal.getAttribute(OAuth2TokenIntrospectionClaimNames.IAT);
+			final var expClaim = authenticatedPrincipal.getAttribute(OAuth2TokenIntrospectionClaimNames.EXP);
 			return new BearerTokenAuthentication(
 					new OAuth2IntrospectionAuthenticatedPrincipal(
 							new OpenidClaimSet(
@@ -112,11 +115,28 @@ OpaqueTokenAuthenticationConverter introspectionAuthenticationConverter(
 					new OAuth2AccessToken(
 							OAuth2AccessToken.TokenType.BEARER,
 							introspectedToken,
-							Instant.ofEpochSecond(((Integer) authenticatedPrincipal.getAttribute(OAuth2TokenIntrospectionClaimNames.IAT)).longValue()),
-							Instant.ofEpochSecond(((Integer) authenticatedPrincipal.getAttribute(OAuth2TokenIntrospectionClaimNames.EXP)).longValue())),
+							toInstant(iatClaim),
+							toInstant(expClaim)),
 					authoritiesConverter.convert(authenticatedPrincipal.getAttributes()));
 		};
 	}
+
+	private final Instant toInstant(Object claim) {
+		if(claim == null) {
+			return null;
+		}
+		if(claim instanceof Instant i) {
+			return i;
+		} else if(claim instanceof Date d) {
+			return d.toInstant();
+		} else if(claim instanceof Integer i) {
+			return Instant.ofEpochSecond((i).longValue());
+		} else if(claim instanceof Long l) {
+			return Instant.ofEpochSecond(l);
+		} else {
+			return null;
+		}
+	}
 
 	/**
 	 * @param  authoritiesConverter the authorities converter to use (by default {@link ConfigurableClaimSetAuthoritiesConverter})