"nbf" claim timestamp check failed

[tiansen-tw]

Checklist

• [X] I have looked into the Readme and Examples, and have not found a suitable solution or answer.
• [X] I have searched the issues and have not found a suitable solution or answer.
• [X] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• [X] I agree to the terms within the Auth0 Code of Conduct.

Description

The verify will failed due the "nbf" claim check. In this code.

There is a options object as third optional args. If no set this args then jose will set tolerance to 0. It will leads to the JWT verify failed.

Your code validate the iat & exp with clockTolerance, so the clockTolerance should pass to jose as well.

Reproduction

1. Generate JWT token with nbf claim. The value can be current timestamp + 300
2. Set auth({clockTolerance: 600, issuer:'your issuer', audience: 'your audience'})
3. Call your api

Additional context

No response

express-oauth2-jwt-bearer version

audience

Node.js version

18.17.1

[adamjmcgrath]

Thanks for raising this @tiansen-tw - will take a look