Probably not important anymore, as delayed keys will get more and more rare with the new GAEN versions. But the following can happen with very unfortunate clock synchronisation:
Day 1: User sends keys to exposed with a delayedKeyDate from day 0, which is accepted by ValidationUtils.validateDelayedKeyDate, and a JWT token created
Day 2: User sends last key to exposednextday with the key from day 0, which matches the JWT claim created by exposed, but which will be rejected by ValidationUtils.vlidateDelayedKeyDate
Probably not important anymore, as delayed keys will get more and more rare with the new GAEN versions. But the following can happen with very unfortunate clock synchronisation:
exposedwith adelayedKeyDatefrom day 0, which is accepted byValidationUtils.validateDelayedKeyDate, and a JWT token createdexposednextdaywith the key from day 0, which matches the JWT claim created byexposed, but which will be rejected byValidationUtils.vlidateDelayedKeyDate