1saifj
commented
2 years ago to skip expiration date validation, you should implement ValidateToken method on ValidateClaims, as follows:
tokenValidators := make([]jwt.TokenValidator, 0)
type validationClaims struct {
CheckIssuedDate bool
CheckNotBeforeDate bool
CheckExpireDate bool
}
func (vc validationClaims) ValidateToken(token []byte, standardClaims jwt.Claims, err error) error {
t := jwt.Clock()
now := t.Round(time.Second).Unix()
if vc.CheckNotBeforeDate {
if standardClaims.NotBefore > 0 {
if now < standardClaims.NotBefore {
return jwt.ErrNotValidYet
}
}
}
if vc.CheckIssuedDate {
if standardClaims.IssuedAt > 0 {
if now < standardClaims.IssuedAt {
return jwt.ErrIssuedInTheFuture
}
}
}
if vc.CheckExpireDate {
if standardClaims.Expiry > 0 {
if now > standardClaims.Expiry {
return jwt.ErrExpired
}
}
}
return nil
}
and then pass this to:
_, err := jwt.VerifyWithHeaderValidator(jwt.RS256, key, []byte(accessToken), compareHeader, tokenValidators...)
This library is not supported skip expiration dates for token validation, there is a crucial need for this feature especially in revoking access tokens and refreshing tokens for expired access tokens.
Could you please support this feature?