I would like to verify JWT signature and exp time but not nbf, Is there a way to do so ? #494
-
|
Main aim is to verify the signature. I'm currently using jwtVerify method, which also check for exp and nbf. I don't want to perform validation on nbf. Are there any plans to make it configurable or any temporary workaround for that ? I'm thinking to replace jwtVerify with compactVerify. I can probably tackle exp validation on my end. Can you please provide insights on this ? and Would that be okay to replace it ( Assuming jwtVerify and compactVerify will validate signature in a similar manner, it's just additional check of claims and payload in jwtVerify which is not available in compactVerify.) |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
When it comes to validating the JWT Claims Set there's no way to omit a particular timestamp claim validation. You can obviously just do |
Beta Was this translation helpful? Give feedback.
When it comes to validating the JWT Claims Set there's no way to omit a particular timestamp claim validation.
You can obviously just do
compactVerifyto verify the signature and then process the entire claims set on your own.