Keats / jsonwebtoken

JWT lib in rust
MIT License

Do what chrono does #341

Closed BrandonDyer64 closed 8 months ago

BrandonDyer64 commented 8 months ago

resolves #339

I really don't like this approach though.

Why is setting the expiration time user-controlled, but not validation? I have to import chrono so I can specify a timestamp for exp, but then the validation call is a black box that does something outside of user control. IMO, there shouldn't be a get_current_timestamp call. The user should have to supply one on calling decode, the same way they do when calling encode.

Keats commented 8 months ago

> IMO, there shouldn't be a get_current_timestamp call. The user should have to supply one on calling decode, the same way they do when calling encode

That would be horrendous UX. Is there a single JWT library in any language doing that by default? I can potentially imagine having it to override the current timestamp for testing purposes but it's present in many languages. I've checked node, python, ruby and .net and only node allows setting it for decode.

Getting the current timestamp has nothing to do with validation
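
The two API shapes debated in this thread, side by side, as an added sketch that is not code from jsonwebtoken or from either commenter: a time check that reads the system clock by default, plus an entry point that accepts a caller-supplied timestamp. `Claims`, `Clock`, `SystemClock`, `FixedClock`, `validate_time` and `validate_time_with` are hypothetical names, and the sample timestamps are constructed.

```rust
use std::time::{SystemTime, UNIX_EPOCH};

/// Hypothetical claims type: only the time-based claims matter here.
pub struct Claims { pub exp: u64, pub nbf: Option<u64> }

#[derive(Debug, PartialEq)]
pub enum TimeError { Expired, NotYetValid }

/// Hypothetical source of "now", in seconds since the Unix epoch.
pub trait Clock { fn now(&self) -> u64; }

/// Default clock: reads system time, so ordinary callers supply nothing.
pub struct SystemClock;
impl Clock for SystemClock {
    fn now(&self) -> u64 {
        let since_epoch = SystemTime::now().duration_since(UNIX_EPOCH);
        since_epoch.expect("system clock is before the Unix epoch").as_secs()
    }
}

/// Override clock: a caller-supplied timestamp, e.g. for deterministic tests.
pub struct FixedClock(pub u64);
impl Clock for FixedClock {
    fn now(&self) -> u64 { self.0 }
}

/// Time checks with the clock made explicit (RFC 7519 semantics, no leeway).
pub fn validate_time_with(claims: &Claims, clock: &dyn Clock) -> Result<(), TimeError> {
    let now = clock.now();
    if now >= claims.exp {
        return Err(TimeError::Expired); // a token is only valid strictly before exp
    }
    match claims.nbf {
        Some(nbf) if now < nbf => Err(TimeError::NotYetValid),
        _ => Ok(()),
    }
}

/// Convenience entry point: the same checks against the system clock.
pub fn validate_time(claims: &Claims) -> Result<(), TimeError> {
    validate_time_with(claims, &SystemClock)
}

fn main() {
    // Constructed sample: valid from t=1_700_000_000 until t=1_700_000_600.
    let claims = Claims { exp: 1_700_000_600, nbf: Some(1_700_000_000) };
    println!("{:?}", validate_time_with(&claims, &FixedClock(1_700_000_300)));
    println!("{:?}", validate_time(&claims));
}
```

With the clock injected, the boundary cases (`now == exp`, `now == nbf`) can be asserted deterministically instead of depending on when the test happens to run.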