Millisecond precision for iat claim

Issue #120 invalid
Rahil Bohra created an issue

It looks like the fix for issue #35 removed millsecond precision to keep in line with the JWT spec at the time. AFAICT the spec no longer specifies any precision. I think millisecond precision is preferable, and #35 should be reverted.

Comments (1)

  1. Connect2id OSS

    The time unit is strictly defined as seconds for all numeric dates, else interop will turn out to be be a disaster :)

    The NumericDate definition is towards the bottom of the spec:

    NumericDate
          A JSON numeric value representing the number of seconds from 1970-
          01-01T00:00:00Z UTC until the specified UTC date/time, ignoring
          leap seconds.  This is equivalent to the IEEE Std 1003.1, 2013
          Edition [POSIX.1] definition "Seconds Since the Epoch", in which
          each day is accounted for by exactly 86400 seconds, other than
          that non-integer values can be represented.  See RFC 3339
          [RFC3339] for details regarding date/times in general and UTC in
          particular.
    
  2. Log in to comment