Improve StandardClaimAccessor getUpdatedAt to support String updated_at

[thorntonrp]

StandardClaimAssessor.getUpdatedAt() throws an IllegalArgumentException when the "updated_at" claim is being returned as a string. This is because there are several providers (unfortunately) that aren't following the spec with regard to this claim. (My company is using ForgeRock.) These providers are unlikely to change their behavior, because many of their clients now rely on this aberrant behavior.

This is a problem because StandardClaimAssessor.getUpdatedAt() only calls getClaimAsInstant which doesn't accept this value as a string. The only workaround I am aware of is for my code to extend Jwt, DefaultOidcUser, IdTokenClaimAssessor, OidcIdToken, and OidcUserInfo to override the default. It would be preferable if ClaimAssessor.getClaimAsInstant() would be able to parse the value into a number in the case where it comes back as a String.

[jgrandja]

@thorntonrp Thanks for the report. Yes, we've had other issues reported that are similar to this one. This will be resolved via #6245 to allow for compatibility between providers and their data formats. We also intend on providing a hook to allow the user to provide the expected data formats coming back from the provider for greater flexibility.

I'm going to close this issue so please follow #6245 for progress.

[jgrandja]

In the meantime, you can use getClaimAsString(StandardClaimNames.UPDATED_AT)