connect2id / Nimbus-JOSE-JWT / issues / #120 - Millisecond precision for iat claim — Bitbucket

Issue #120 invalid

Rahil Bohra created an issue 2015-03-16

It looks like the fix for issue ~~#35~~ removed millsecond precision to keep in line with the JWT spec at the time. AFAICT the spec no longer specifies any precision. I think millisecond precision is preferable, and ~~#35~~ should be reverted.

Comments (1)

Connect2id OSS

changed status to invalid

The time unit is strictly defined as seconds for all numeric dates, else interop will turn out to be be a disaster :)

The NumericDate definition is towards the bottom of the spec:

NumericDate
      A JSON numeric value representing the number of seconds from 1970-
      01-01T00:00:00Z UTC until the specified UTC date/time, ignoring
      leap seconds.  This is equivalent to the IEEE Std 1003.1, 2013
      Edition [POSIX.1] definition "Seconds Since the Epoch", in which
      each day is accounted for by exactly 86400 seconds, other than
      that non-integer values can be represented.  See RFC 3339
      [RFC3339] for details regarding date/times in general and UTC in
      particular.

2015-03-16T09:44:16+00:00

Log in to comment

Assignee: –

Type: proposal

Priority: minor

Status: invalid

Component: JWT

Milestone: –

Votes: 0

Watchers: 2

Jira: the preferred issue tracker for Bitbucket. Join the team!