iat, nbf clause readability
Issue #695
resolved
14. to accommodate for clock offsets, shall accept JWTs with an iat or nbf time up to 10 seconds in the future, however should reject JWTs with an iat or nbf of 60 seconds or greater in the future.
[Rifaat] What should the AS do when iat/nbf is greater than 10 but less than 60?
Comments (4)
reporter how about:
to accommodate clock offsets, shall accept JWTs with an 'iat' or 'nbf' time up to 10 seconds in the future, may accept those with an 'iat' or 'nbf' time between 10 and 60 seconds in the future, but should reject those with an 'iat' or 'nbf' time 60 seconds or more in the future.
reporter - changed status to resolved
PR merged
The wording on this is difficult; what we meant to say (I think) is:
0 to 10 seconds in the future - accept and process
10 to 60 seconds - do what you want, no guidance from us
60+ seconds - should reject
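The three bands discussed in this issue, written as a check an authorization server could run on a JWT whose signature is already verified. This is an added example, not part of the issue thread or the specification text. The function names, the `accept_discretionary` switch, and the decision to reject non-numeric values are assumptions; it covers only future-dated `iat`/`nbf` values, not token age or `exp`.

```python
import math
from enum import Enum

ACCEPT_SKEW = 10  # seconds: "shall accept" up to this far in the future
REJECT_SKEW = 60  # seconds: "should reject" at or beyond this


class Verdict(Enum):
    ACCEPT = "accept"
    DISCRETIONARY = "discretionary"  # the "may accept" band, 10 < skew < 60
    REJECT = "reject"


def classify_skew(claim_time, now):
    """Classify one iat/nbf value (seconds since epoch) against the clause."""
    skew = claim_time - now
    if skew <= ACCEPT_SKEW:  # includes values in the past
        return Verdict.ACCEPT
    if skew < REJECT_SKEW:
        return Verdict.DISCRETIONARY
    return Verdict.REJECT  # also reached for NaN and +inf


def check_future_claims(claims, now, accept_discretionary=False):
    """Return (ok, per_claim_verdicts) for the iat and nbf claims present.

    accept_discretionary is the local policy for the middle band, which
    the clause leaves to the implementation (hypothetical parameter).
    """
    verdicts = {}
    for name in ("iat", "nbf"):
        if name not in claims:
            continue
        value = claims[name]
        # Assumption: a non-numeric time claim is treated as a rejection.
        numeric = isinstance(value, (int, float)) and not isinstance(value, bool)
        verdicts[name] = classify_skew(value, now) if numeric else Verdict.REJECT
    allowed = {Verdict.ACCEPT}
    if accept_discretionary:
        allowed.add(Verdict.DISCRETIONARY)
    return all(v in allowed for v in verdicts.values()), verdicts


if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp, not taken from the page
    for offset in (-5, 10, 11, 59, 60, math.inf):
        print(offset, classify_skew(now + offset, now).value)
```
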