Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove rejection of future 'iat' claims #252

Merged
merged 2 commits into from Apr 17, 2017
Merged

Remove rejection of future 'iat' claims #252

merged 2 commits into from Apr 17, 2017

Conversation

mark-adams
Copy link
Contributor

This change resolves #190 by no longer rejecting future iat claims.

RFC 7519 does not require or even mention this type of validation so it seems best to leave this up to applications.

In addition, this PR changes the validation that rejects non-numeric iat values to raise InvalidIssuedAtError instead of DecodeError

@mark-adams
Stop rejecting tokens with future 'iat' values
8f3a2a8 
RFC 7519 does not specify or even suggest this type of validation on the
'iat' claim and it has caused issues for several consumers of PyJWT.

This change removes the validation on future 'iat' values and leaves
such things up to the application developer to implement.

Fixes #190.
@mark-adams
Non-numeric 'iat' now raises InvalidIssuedAtError on decode()
3447f0c
@coveralls
Copy link

coveralls commented Apr 17, 2017
edited

Coverage Status

Coverage remained the same at 100.0% when pulling 3447f0c on 190-remove-iat-verification into ceff941 on master.

@mark-adams mark-adams merged commit ce7f929 into master Apr 17, 2017
@mark-adams mark-adams mentioned this pull request Apr 17, 2017
Closed
@jpadilla jpadilla modified the milestone: v1.5.0 Apr 17, 2017
@EnTeQuAk EnTeQuAk mentioned this pull request Apr 25, 2017
Merged
This was referenced Jun 22, 2017
Open
Merged
Merged
Merged
Closed
Merged
This was referenced Jul 1, 2017
Closed
Closed
This was referenced Jul 18, 2017
Closed
Merged
Merged
@pyup-bot pyup-bot mentioned this pull request Aug 4, 2017
Closed
This was referenced Sep 5, 2017
Closed
Closed
@pyup-bot pyup-bot mentioned this pull request Sep 28, 2017
Merged
@pyup-bot pyup-bot mentioned this pull request Oct 14, 2017
Merged
This was referenced Nov 12, 2017
Closed
Merged
@pyup-bot pyup-bot mentioned this pull request Jan 10, 2018
Merged
@pyup-bot pyup-bot mentioned this pull request Feb 12, 2018
Merged
@vorpal-buildbot vorpal-buildbot mentioned this pull request Jun 15, 2020
Merged
@gobengo gobengo mentioned this pull request Aug 10, 2023
Closed
@vergenzt
Copy link

vergenzt commented Dec 1, 2023

FYI this was re-introduced by #794

@vergenzt vergenzt mentioned this pull request Jan 19, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jpadilla jpadilla jpadilla approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.5.0
Development

Successfully merging this pull request may close these issues.

Why validate that 'iat' is not in the future?
4 participants
@mark-adams @coveralls @vergenzt @jpadilla