2 files changed, 31 insertions, 14 deletions

diff --git a/src/zenhttp/httpclientauth.cpp b/src/zenhttp/httpclientauth.cpp
index 6a3f18b7a..1ebf1f949 100644
--- a/src/zenhttp/httpclientauth.cpp
+++ b/src/zenhttp/httpclientauth.cpp
@@ -142,21 +142,40 @@ namespace zen { namespace httpclientauth {
 
 			if (JsonError.empty() == false)
 			{
-				ZEN_WARN("Unable to parse Oidcs json response from {}. Reason: '{}'", AuthTokenPath, JsonError);
+				ZEN_WARN("Unable to parse OIDC json output file {}. Reason: '{}'", AuthTokenPath, JsonError);
 				return HttpClientAccessToken{};
 			}
 			std::string Token			   = Json["Token"].string_value();
 			std::string ExpiresAtUTCString = Json["ExpiresAtUtc"].string_value();
-			ZEN_ASSERT(!ExpiresAtUTCString.empty());
+			if (Token.empty())
+			{
+				ZEN_WARN("The 'Token' field in json output file {} is empty", AuthTokenPath);
+				return HttpClientAccessToken{};
+			}
+			if (ExpiresAtUTCString.empty())
+			{
+				ZEN_WARN("The 'ExpiresAtUtc' field in json output file {} is empty", AuthTokenPath);
+				return HttpClientAccessToken{};
+			}
+			if (ExpiresAtUTCString.back() != 'Z')
+			{
+				ZEN_WARN("The 'ExpiresAtUtc' field '{}' in json output file {} does not end with 'Z'; expected a UTC timestamp",
+						 ExpiresAtUTCString,
+						 AuthTokenPath);
+				return HttpClientAccessToken{};
+			}
 
-			int Year		= 0;
-			int Month		= 0;
-			int Day			= 0;
-			int Hour		= 0;
-			int Minute		= 0;
-			int Second		= 0;
-			int Millisecond = 0;
-			sscanf(ExpiresAtUTCString.c_str(), "%d-%d-%dT%d:%d:%d.%dZ", &Year, &Month, &Day, &Hour, &Minute, &Second, &Millisecond);
+			int Year   = 0;
+			int Month  = 0;
+			int Day	   = 0;
+			int Hour   = 0;
+			int Minute = 0;
+			int Second = 0;
+			if (sscanf(ExpiresAtUTCString.c_str(), "%d-%d-%dT%d:%d:%d", &Year, &Month, &Day, &Hour, &Minute, &Second) != 6)
+			{
+				ZEN_WARN("Unable to parse ExpiresAtUtc '{}' from json output file {}", ExpiresAtUTCString, AuthTokenPath);
+				return HttpClientAccessToken{};
+			}
 
 			std::tm Time = {
 				Second,
@@ -169,7 +188,6 @@ namespace zen { namespace httpclientauth {
 
 			time_t							 UTCTime	= timegm(&Time);
 			HttpClientAccessToken::TimePoint ExpireTime = std::chrono::system_clock::from_time_t(UTCTime);
-			ExpireTime += std::chrono::milliseconds(Millisecond);
 
 			return HttpClientAccessToken(fmt::format("Bearer {}"sv, Token), ExpireTime);
 		}
diff --git a/src/zenhttp/include/zenhttp/httpclientauth.h b/src/zenhttp/include/zenhttp/httpclientauth.h
index f1bccdca6..ce646ebd7 100644
--- a/src/zenhttp/include/zenhttp/httpclientauth.h
+++ b/src/zenhttp/include/zenhttp/httpclientauth.h
@@ -10,9 +10,8 @@ namespace zen {
 class AuthMgr;
 
 namespace httpclientauth {
-
-	// The std::function<HttpClientAccessToken()> instances returned from these functions are not guarateed to
-	// be thread safe so caller must make sure they are not called from multiple threads in parallell
+	// The std::function<HttpClientAccessToken()> instances returned from these functions are not guaranteed to
+	// be thread safe so caller must make sure they are not called from multiple threads in parallel
 
 	std::function<HttpClientAccessToken()> CreateFromStaticToken(HttpClientAccessToken Token);