auth70 / paseto-ts

PASETO v4 (encrypt, decrypt, sign & verify) in TypeScript
MIT License

`nbf` should be allowed to be equal to `iat` #8

Closed francislavoie closed 4 months ago

francislavoie commented 4 months ago

I have a PASETO with a payload like this:

```
..."iat":"2024-03-07T13:15:41-05:00","nbf":"2024-03-07T13:15:41-05:00"...
```

The `iat` and `nbf` claims are the same, but I get an error when validating:

```
Payload must have a valid "nbf" claim (is not greater than "iat")
```

I think this is incorrect; the condition should allow equal values.

Arguably an equal `nbf` doesn't serve much value, but the error is surprising regardless.

I didn't add a test because I just did this change via GitHub UI without checking out the repo. I figure a simple test should be added to cover this case.

miunau commented 4 months ago

Yeah, the spec for parsing didn't specify this case specifically, and I was being a bit overzealous. I see your point so I'm gonna merge this, thanks!
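
An added example, not part of the thread and not paseto-ts source: a sketch of the `iat`/`nbf` ordering check discussed above, comparing the claims as instants so that equal values (including the same moment written with different UTC offsets) pass. All function and variable names are hypothetical, the reason strings and sample payloads are constructed, and it assumes claims are RFC 3339 date-times.

```typescript
// Added example; not paseto-ts source. All names here are hypothetical.
const RFC3339 = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2})$/;

// Convert a claim value to epoch milliseconds, or null if it is not a
// well-formed timestamp. Date.parse alone is too lenient, so the shape is
// checked first (assumption: claims use RFC 3339 date-times).
function claimToMillis(value: unknown): number | null {
  if (typeof value !== "string" || !RFC3339.test(value)) return null;
  const ms = Date.parse(value);
  return isNaN(ms) ? null : ms;
}

// Returns null when the iat/nbf pair is acceptable, otherwise a reason string.
// allowEqual=false reproduces the strict comparison reported in this issue.
function checkNbfAgainstIat(
  payload: { iat?: unknown; nbf?: unknown },
  allowEqual: boolean = true
): string | null {
  if (payload.iat === undefined || payload.nbf === undefined) return null;
  const iat = claimToMillis(payload.iat);
  const nbf = claimToMillis(payload.nbf);
  if (iat === null) return 'invalid "iat" claim';
  if (nbf === null) return 'invalid "nbf" claim';
  // Compare instants, not strings: one moment can carry different offsets.
  if (nbf < iat) return '"nbf" is earlier than "iat"';
  if (nbf === iat && !allowEqual) return '"nbf" is not greater than "iat"';
  return null;
}

// Constructed sample payloads; the first mirrors the fragment quoted in the issue.
const sameInstant = {
  iat: "2024-03-07T13:15:41-05:00",
  nbf: "2024-03-07T13:15:41-05:00",
};
const sameInstantUtc = {
  iat: "2024-03-07T13:15:41-05:00",
  nbf: "2024-03-07T18:15:41Z",
};
const nbfBeforeIat = {
  iat: "2024-03-07T13:15:41-05:00",
  nbf: "2024-03-07T13:15:40-05:00",
};

console.log(checkNbfAgainstIat(sameInstant), checkNbfAgainstIat(sameInstant, false));
```

A regression test for this case would cover at least the three sample payloads: equal strings, equal instants with different offsets, and `nbf` one second before `iat`.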