Keats / jsonwebtoken

JWT lib in rust
MIT License

exp does not seem to give an error #270

Closed kometen closed 1 year ago

kometen commented 1 year ago

Found this introduction at https://tms-dev-blog.com/how-to-use-jwt-with-rust-learn-the-basics/ which I tried. But it does not seem to result in a panic when pausing and then decoding beyond exp.

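use chrono::{Duration, Utc};
use jsonwebtoken::{decode, encode, DecodingKey, EncodingKey, Header, Validation};
use serde::{Deserialize, Serialize};
use std::{thread, time};

// Claims struct inferred from the fields used below; the post does not show it.
#[derive(Debug, Serialize, Deserialize)]
struct Claims {
    sub: String,
    exp: usize,
    iat: usize,
    test: String,
}

fn main() {
    let key = b"secret"; // placeholder; the post does not show the key
    let my_iat = Utc::now().timestamp();
    let my_exp = Utc::now()
        .checked_add_signed(Duration::seconds(2))
        .expect("invalid timestamp")
        .timestamp();
    let my_claims = Claims {
        sub: "a@b.c".to_owned(),
        exp: my_exp as usize,
        iat: my_iat as usize,
        test: "hello".to_owned(),
    };

    // Encode step, not shown in the post; it produces the `token` decoded below.
    let token = encode(&Header::default(), &my_claims, &EncodingKey::from_secret(key))
        .expect("failed to encode token");

    // Sleep past `exp` (2 s) before decoding.
    thread::sleep(time::Duration::from_secs(7));

    let token_data = match decode::<Claims>(
        &token,
        &DecodingKey::from_secret(key),
        &Validation::default(),
    ) {
        Ok(c) => c,
        Err(err) => {
            eprintln!("err: {:?}", err.kind());
            panic!()
        }
    };

    println!("token data: {:?}", token_data);
}
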
Keats commented 1 year ago

There is a default 60s leeway that you can customise

kometen commented 1 year ago

Thank you.

let mut validation = Validation::new(Algorithm::HS256);
validation.leeway = 5;

let token_data = match decode::<Claims>(
    &token,
    &DecodingKey::from_secret(key),
    &validation,
) { ... }
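
The leeway window discussed in this thread, modelled in std-only Rust as an added example (not code from the thread or from the jsonwebtoken crate): it replays the 2-second token checked after 7 seconds under leeways of 60, 5 and 0 seconds. `Verdict`, `check_exp`, `replay` and `first_rejection` are hypothetical names, and the strict comparison in `check_exp` (a token is still accepted at exactly `exp + leeway`) is an assumption of the model.

```rust
// Added example: std-only model of an `exp` check with leeway.
// All names are hypothetical; this is not the jsonwebtoken crate's API.

#[derive(Debug, Clone, Copy, PartialEq)]
enum Verdict {
    Accepted,
    ExpiredSignature,
}

// Assumption: a token is rejected only when `exp` is strictly older than
// `now - leeway`, so it is still accepted at exactly `exp + leeway`.
fn check_exp(exp: u64, now: u64, leeway: u64) -> Verdict {
    // saturating_sub keeps a verifier clock smaller than the leeway from underflowing.
    if exp < now.saturating_sub(leeway) {
        Verdict::ExpiredSignature
    } else {
        Verdict::Accepted
    }
}

// Replays the thread's timeline: a token issued at `iat` with a `ttl`-second
// lifetime is checked `waited` seconds later. `clock_ahead` is how many extra
// whole seconds the verifier's clock reads (skew, or a second boundary crossed).
fn replay(iat: u64, ttl: u64, waited: u64, clock_ahead: u64, leeway: u64) -> Verdict {
    check_exp(iat + ttl, iat + waited + clock_ahead, leeway)
}

// Seconds after issuance at which the token is first rejected.
fn first_rejection(iat: u64, ttl: u64, leeway: u64) -> u64 {
    (0u64..)
        .find(|&w| replay(iat, ttl, w, 0, leeway) == Verdict::ExpiredSignature)
        .expect("a finite ttl and leeway always expire")
}

fn main() {
    let iat: u64 = 1_700_000_000; // constructed sample timestamp
    for leeway in [60u64, 5, 0] {
        println!(
            "leeway {:>2}s: after 7s {:?}, after 7s with clock +1s {:?}, first rejected at +{}s",
            leeway,
            replay(iat, 2, 7, 0, leeway),
            replay(iat, 2, 7, 1, leeway),
            first_rejection(iat, 2, leeway)
        );
    }
}
```

Under this model a 7-second wait with a leeway of 5 lands exactly on the boundary, so the verdict depends on whether the verifier's whole-second clock has ticked once more.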