Closed BrandonDyer64 closed 8 months ago
IMO, there shouldn't be a get_current_timestamp call. The user should have to supply one on calling decode, the same way they do when calling encode
That would be horrendous UX. Is there a single JWT library in any languages doing that by default? I can potentially image having it to override the current timestamp for testing purposes but it's present in many languages. I've checked node, python, ruby and .net and only node allows setting it for decode.
Getting the current timestamp has nothing to do with validation
resolves #339
I really don't like this approach though.
Why is setting the expiration time user controlled, but not validation? I have to import
chrono
so I can specify a timestamp forexp
, but then the validation call is a black box that does something outside of user control. IMO, there shouldn't be aget_current_timestamp
call. The user should have to supply one on callingdecode
, the same way they do when callingencode