The spec's instructions for verifying token TTL don't explain how to handle nanoseconds.
If the user has specified a maximum age (or "time-to-live") for the token, ensure the recorded timestamp is not too far in the past.
This results in differences between implementations. For example, fernet-go uses time.Time.After, which checks equality down to the nanosecond level, while Python's cryptography.fernet truncates nanoseconds from the now timestamp before comparing. This means that a token may fail verification in one implementation, but pass in the other.
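The disagreement described above, as an added example that is not code from the original post, fernet-go, or cryptography: `expired_exact` and `expired_truncated` are hypothetical models of the two comparison policies the post describes, and the token, TTL, and clock values are constructed.

```python
import base64
import struct

NS = 1_000_000_000  # nanoseconds per second

# Constructed sample: version byte 0x80, 64-bit big-endian issue time, then
# zero bytes standing in for the IV, ciphertext and HMAC. It is not a valid
# token; signature verification is deliberately out of scope here.
ISSUED = 1_700_000_000
SAMPLE_TOKEN = base64.urlsafe_b64encode(
    b"\x80" + struct.pack(">Q", ISSUED) + bytes(16 + 16 + 32)
).decode()


def token_timestamp(token: str) -> int:
    """Return the issue time, in whole seconds, recorded in the token header."""
    raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    if len(raw) < 9 or raw[0] != 0x80:
        raise ValueError("not a Fernet token")
    return struct.unpack(">Q", raw[1:9])[0]


def expired_exact(issued_s: int, ttl_s: int, now_ns: int) -> bool:
    """Model of a nanosecond-precision check: now is after issued + ttl."""
    return now_ns > (issued_s + ttl_s) * NS


def expired_truncated(issued_s: int, ttl_s: int, now_ns: int) -> bool:
    """Model of a check that drops the sub-second part of now first."""
    return now_ns // NS > issued_s + ttl_s


def compare(token: str, ttl_s: int, now_ns: int) -> tuple[bool, bool]:
    """Return (exact, truncated) expiry verdicts for one token and clock."""
    issued = token_timestamp(token)
    return (expired_exact(issued, ttl_s, now_ns),
            expired_truncated(issued, ttl_s, now_ns))


if __name__ == "__main__":
    ttl = 60
    for offset_ns in (0, 1, NS // 2, NS - 1, NS):
        now = (ISSUED + ttl) * NS + offset_ns
        print(f"+{offset_ns:>10} ns past deadline -> {compare(SAMPLE_TOKEN, ttl, now)}")
```

Under these models the two verdicts differ for every clock reading from 1 ns up to 999,999,999 ns past the deadline, and agree again once a full second has elapsed.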