go-chi / jwtauth

JWT authentication middleware for Go HTTP services
MIT License

VerifyRequest returns incorrect error when error is due to ValidationErrorNotValidYet #35

Closed 1gm closed 3 years ago

1gm commented 5 years ago

In VerifyRequest the conditional statement checking the error returned by JWTAuth.Decode is performed against the wrong constant (assuming the comments in the code are correct).

// lines 113-115 of jwtauth.go
} else if verr.Errors&jwt.ValidationErrorIssuedAt > 0 {
  return token, ErrNBFInvalid
}

should be

} else if verr.Errors&jwt.ValidationErrorNotValidYet > 0 {
  return token, ErrNBFInvalid
}

If this is not a bug (I haven't read the spec to know the difference between these errors) then my apologies for opening. I can send a PR over to address if interested.

Thanks
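Added example, not part of the original post or the jwtauth source: a self-contained model of the branch chain reported above, showing that a repeated `IssuedAt` test leaves the `ErrNBFInvalid` branch unreachable, so a not-yet-valid token is reported with the fallback error. The flag values, `errIATInvalid`, `errOther` and the function names are assumptions standing in for the `jwt.ValidationError*` constants and the package's errors.

```go
package main

import (
	"errors"
	"fmt"
)

// Stand-in bit flags (constructed values, not the library's constants).
const (
	flagExpired uint32 = 1 << iota
	flagIssuedAt
	flagNotValidYet
)

var (
	errExpired    = errors.New("token is expired")
	errIATInvalid = errors.New("token iat validation failed") // assumed name
	errNBFInvalid = errors.New("token nbf validation failed")
	errOther      = errors.New("token is unauthorized") // assumed fallback
)

// classifyBuggy repeats the IssuedAt test, so the nbf branch is dead code.
func classifyBuggy(flags uint32) error {
	if flags&flagExpired > 0 {
		return errExpired
	} else if flags&flagIssuedAt > 0 {
		return errIATInvalid
	} else if flags&flagIssuedAt > 0 { // duplicate condition, never reached
		return errNBFInvalid
	}
	return errOther
}

// classifyFixed tests the NotValidYet bit, as proposed in the issue.
func classifyFixed(flags uint32) error {
	if flags&flagExpired > 0 {
		return errExpired
	} else if flags&flagIssuedAt > 0 {
		return errIATInvalid
	} else if flags&flagNotValidYet > 0 {
		return errNBFInvalid
	}
	return errOther
}

func main() {
	f := flagNotValidYet // constructed input: only the nbf bit is set
	fmt.Println("buggy:", classifyBuggy(f), "| fixed:", classifyFixed(f))
}
```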

carldunham commented 4 years ago

Found this when staticcheck flagged two identical conditions in if/else.

hmkwizu commented 4 years ago

Got the same issue. Submitted a PR #47.

pkieltyka commented 3 years ago

Solved in master.