-
-
Notifications
You must be signed in to change notification settings - Fork 694
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove rejection of future 'iat' claims #252
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mark-adams
force-pushed
the
190-remove-iat-verification
branch
from
April 17, 2017 13:32
365be7d
to
3e6d9ec
Compare
RFC 7519 does not specify or even suggest this type of validation on the 'iat' claim and it has caused issues for several consumers of PyJWT. This change removes the validation on future 'iat' values and leaves such things up to the application developer to implement. Fixes #190.
mark-adams
force-pushed
the
190-remove-iat-verification
branch
from
April 17, 2017 13:34
3e6d9ec
to
3447f0c
Compare
jpadilla
approved these changes
Apr 17, 2017
This was referenced Jun 22, 2017
This was referenced Jul 1, 2017
This was referenced Jul 18, 2017
This was referenced Sep 5, 2017
This was referenced Nov 12, 2017
FYI this was re-introduced by #794 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This change resolves #190 by no longer rejecting future
iat
claims.RFC 7519 does not require or even mention this type of validation so it seems best to leave this up to applications.
In addition, this PR changes the validation that rejects non-numeric
iat
values to raiseInvalidIssuedAtError
instead ofDecodeError