Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The leeway parameter is applies to all time based verifications #129

Closed
tpickett66 opened this issue Feb 23, 2016 · 2 comments · Fixed by #187
Closed

The leeway parameter is applies to all time based verifications #129

tpickett66 opened this issue Feb 23, 2016 · 2 comments · Fixed by #187
Assignees
@excpt
Labels
bug
Milestone
Version 2.0.0

Comments

@tpickett66
Copy link
Contributor

Having expiration and not before timeouts using the same leeway is surprising and could lead JWTs to live longer than expected when both exp and nbf are being verified and a leeway is desired on one but not the other.
@tpickett66
Copy link
Contributor Author

Looks like iat is lumped in there too.

@excpt excpt added the bug label Mar 24, 2016
@excpt excpt added this to the Version 1.5.4 milestone Mar 24, 2016
@excpt excpt self-assigned this Mar 24, 2016
@excpt
Copy link
Member

excpt commented Mar 24, 2016

Thanks for pointing that out.

@excpt excpt modified the milestones: Version 1.6.0, Version 1.5.4 Mar 24, 2016
@EmilioCristalli EmilioCristalli mentioned this issue Feb 5, 2017
Merged
@excpt excpt closed this as completed in #187 Feb 9, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@excpt excpt

Labels
bug
Projects
None yet
Milestone
Version 2.0.0
Development

Successfully merging a pull request may close this issue.

Add options for claim-specific leeway EmilioCristalli/ruby-jwt
2 participants
@excpt @tpickett66