search

o1egl / paseto

Platform-Agnostic Security Tokens implementation in GO (Golang)
MIT License
852 stars 34 forks source link

Fail to check expiration #39

Closed brianw0924 closed 8 months ago

brianw0924 commented 8 months ago

The Decrypt function will not check expiration

for example:

after I call Decrypt

err := paseto.Decrypt(tokenString, key, jsonToken, nil)

I print

fmt.Println("now": time.Now())
fmt.Println("exp": jsonToken.Expiration)

It says

now: 2024-02-06 19:10:29.592541 + 0800 CST m=+1.003330876
exp: 2024-02-06 19:10:28 +0800 CST

but the err is nil

brianw0924 commented 8 months ago

update:

need to call jsonToken.Validate() by yourself