Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove rejection of future 'iat' claims #252

Merged
merged 2 commits into from
Apr 17, 2017

Conversation

mark-adams
Copy link
Contributor

This change resolves #190 by no longer rejecting future iat claims.

RFC 7519 does not require or even mention this type of validation so it seems best to leave this up to applications.

In addition, this PR changes the validation that rejects non-numeric iat values to raise InvalidIssuedAtError instead of DecodeError

RFC 7519 does not specify or even suggest this type of validation on the
'iat' claim and it has caused issues for several consumers of PyJWT.

This change removes the validation on future 'iat' values and leaves
such things up to the application developer to implement.

Fixes #190.
@coveralls
Copy link

coveralls commented Apr 17, 2017

Coverage Status

Coverage remained the same at 100.0% when pulling 3447f0c on 190-remove-iat-verification into ceff941 on master.

@mark-adams mark-adams merged commit ce7f929 into master Apr 17, 2017
@jpadilla jpadilla modified the milestone: v1.5.0 Apr 17, 2017
@vergenzt
Copy link

vergenzt commented Dec 1, 2023

FYI this was re-introduced by #794

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Why validate that 'iat' is not in the future?
4 participants