From fff64db0e2b1c401a1aacdee93f50e70d0b4f302 Mon Sep 17 00:00:00 2001
From: Joe Grandja <jgrandja@pivotal.io>
Date: Thu, 3 May 2018 21:03:32 -0400
Subject: [PATCH] Improve ClaimAccessor getClaimAsInstant

Fixes gh-5250
---
 .../security/oauth2/core/ClaimAccessor.java   |  6 +++--
 .../oauth2/core/ClaimAccessorTests.java       | 22 +++++++++++++++++++
 2 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java
index 9cf2dc8deb..f9bc43b291 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java
@@ -83,8 +83,10 @@ public interface ClaimAccessor {
 			return null;
 		}
 		Object claimValue = this.getClaims().get(claim);
-		if (Long.class.isAssignableFrom(claimValue.getClass())) {
-			return Instant.ofEpochSecond((Long) claimValue);
+		if (Long.class.isAssignableFrom(claimValue.getClass()) ||
+				Integer.class.isAssignableFrom(claimValue.getClass()) ||
+				Double.class.isAssignableFrom(claimValue.getClass())) {
+			return Instant.ofEpochSecond(((Number) claimValue).longValue());
 		}
 		if (Date.class.isAssignableFrom(claimValue.getClass())) {
 			return ((Date) claimValue).toInstant();
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java
index 2c35a87578..4a7f0efe02 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java
@@ -70,4 +70,26 @@ public class ClaimAccessorTests {
 		assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(
 				expectedClaimValue.minusSeconds(1), expectedClaimValue.plusSeconds(1));
 	}
+
+	// gh-5250
+	@Test
+	public void getClaimAsInstantWhenIntegerTypeSecondsThenReturnInstant() {
+		Instant expectedClaimValue = Instant.now();
+		String claimName = "integerSeconds";
+		this.claims.put(claimName, Long.valueOf(expectedClaimValue.getEpochSecond()).intValue());
+
+		assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(
+				expectedClaimValue.minusSeconds(1), expectedClaimValue.plusSeconds(1));
+	}
+
+	// gh-5250
+	@Test
+	public void getClaimAsInstantWhenDoubleTypeSecondsThenReturnInstant() {
+		Instant expectedClaimValue = Instant.now();
+		String claimName = "doubleSeconds";
+		this.claims.put(claimName, Long.valueOf(expectedClaimValue.getEpochSecond()).doubleValue());
+
+		assertThat(this.claimAccessor.getClaimAsInstant(claimName)).isBetween(
+				expectedClaimValue.minusSeconds(1), expectedClaimValue.plusSeconds(1));
+	}
 }