Add support for nbf (Not Before) token claim validation #37
Conversation
Added code and tests to support validation of 'nbf' claims in payload per section 4.1.5 of JWT specification.
To match usage.
| @@ -173,6 +173,25 @@ private static void Verify(string decodedCrypto, string decodedSignature, string | |||
| throw new SignatureVerificationException("Token has expired."); | |||
| } | |||
| } | |||
| // verify nbf claim https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.5 | |||
| if (payloadData.ContainsKey("nbf") && payloadData["nbf"] != null) | |||
There was a problem hiding this comment.
You may want to use here:
object nbfObj;
if (payloadData.TryGetValue("nbf", out nbfObj) && nbfObj is int)
{
int nbf = (int)nbfObj;
}There was a problem hiding this comment.
Doing as you suggest would remove symmetry with the 'exp' claim validation behavior. If that was done I would expect both to be changed, and they would lose the "Claim X must be an integer" exception (unless you nested the 'is int' check).
There was a problem hiding this comment.
Yeah, consistency makes sense. I submitted a refactoring PR to improve the code here and there but the author never cared to review it.
P.S. you still can have proper exception by splitting the if condition into 2:
object nbfObj;
if (payloadData.TryGetValue("nbf", out nbfObj))
{
if (!nbfObj is int)
throw new SignatureVerificationException("Claim 'nbf' must be an integer.");
int nbf = (int)nbfObj;
}There was a problem hiding this comment.
hi, do you still care about this pr? Would you mind to review/refactor it once again?
|
Please rebase on the latest |
|
Can you please create a new branch based on the v2 codebase, see #67? Thanks! |
|
Redone in #81 for the v2 codebase |
Added code and tests to support validation of 'nbf' claims in payload per section 4.1.5 of the JWT specification.