Closed kr closed 9 years ago
You might want to reject tokens that appear to be generated far in the future. This can't happen in normal practice, and usually means there's substantial clock skew.
The go implementation does this with a hard-coded constant https://github.com/fernet/fernet-go/blob/54c3c8f/fernet.go#L70 https://github.com/fernet/fernet-go/blob/54c3c8f/fernet.go#L32 (not configurable).
This isn't required by the spec, but personally I think it's a usefully defensive thing to check.
You might want to reject tokens that appear to be generated far in the future. This can't happen in normal practice, and usually means there's substantial clock skew.
The go implementation does this with a hard-coded constant https://github.com/fernet/fernet-go/blob/54c3c8f/fernet.go#L70 https://github.com/fernet/fernet-go/blob/54c3c8f/fernet.go#L32 (not configurable).
This isn't required by the spec, but personally I think it's a usefully defensive thing to check.