Add support for negative leeway values #365
Comments
@Keats thanks for the quick response!

It seems that what you want, rather than negative leeway, which is imo a bit confusing, is another option to reject tokens that are

@Keats yes, rejecting tokens that are Configuring this as a separate setting rather than as a negative leeway value should work fine.

Something like

Yes, that is a clear name in my opinion. Would you like me to update the existing PR to reflect?

Fix released as part of version 9.3.0; closing this issue

I use jsonwebtoken as part of a client application. During the course of development, I have encountered two issues with how token expiration is handled:

In order to allow library users to work around both these problems, I propose the following solution.

leeway option into separate settings for validating token exp and nbf claims. These settings can be named exp_leeway and nbf_leeway.
exp_leeway values to be negative numbers. This allows library users to specify that a token needs to be replaced at some time interval before expiration to account for inconsistent handling of fractional time values by other software or delays imposed by network latency.
nbf_leeway values to be negative numbers for consistency.

Update: Here is a PR implementing the proposed solution.
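
The separate-setting approach discussed in this thread, as an added example (not code from the jsonwebtoken crate or from the linked PR): clock-skew leeway widens the acceptance window for exp and nbf, while a distinct early-rejection window narrows it for exp so a client refreshes before expiry. The names `TimeChecks`, `reject_exp_within`, `check_times` and `TimeError` are hypothetical, and the timestamps are constructed.

```rust
// Added illustration; not the jsonwebtoken crate's code. All names are hypothetical.
#[derive(Debug, PartialEq)]
pub enum TimeError {
    Expired,      // exp is in the past, even after leeway
    ExpiringSoon, // exp is still valid but inside the early-rejection window
    NotYetValid,  // nbf is in the future, even after leeway
}

pub struct TimeChecks {
    pub leeway: u64,            // seconds of clock-skew tolerance for exp and nbf
    pub reject_exp_within: u64, // seconds before exp at which the token counts as stale (0 = off)
}

/// Validate `exp` and `nbf` (Unix seconds) against `now`.
pub fn check_times(now: u64, exp: u64, nbf: Option<u64>, c: &TimeChecks) -> Result<(), TimeError> {
    // Leeway extends the window: tolerate a local clock that runs ahead of the issuer's.
    if exp.saturating_add(c.leeway) < now {
        return Err(TimeError::Expired);
    }
    // The early-rejection window shrinks it: refuse tokens about to expire, so the
    // caller refreshes before latency or timestamp rounding makes the peer reject them.
    if c.reject_exp_within > 0 && exp.saturating_sub(c.reject_exp_within) < now {
        return Err(TimeError::ExpiringSoon);
    }
    // nbf only ever gets the tolerant treatment; there is no early-rejection analogue.
    if let Some(nbf) = nbf {
        if nbf > now.saturating_add(c.leeway) {
            return Err(TimeError::NotYetValid);
        }
    }
    Ok(())
}

fn main() {
    // Constructed sample values.
    let c = TimeChecks { leeway: 5, reject_exp_within: 30 };
    let now: u64 = 1_700_000_000;
    for exp in [now - 10, now + 20, now + 120] {
        let offset = exp as i64 - now as i64;
        println!("exp = now{:+}s: {:?}", offset, check_times(now, exp, None, &c));
    }
}
```

Keeping the two settings unsigned and separate avoids the ambiguity of a signed leeway, where one value would have to mean both "tolerate skew" and "expire early".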