expired JWTs are allowed to enroll

[dovholuknf]

Observed:

• Configured a controller with 5m jwt expiration
• waited 5 minutes
• successfully enrolled identity using ziti-edge-tunnel
• the controller should not accept this enrollment

Expected Behavior I expected to see the enrollment fail as the JWT had expired

Steps to Reproduce

• start a quickstart controller: ziti edge quickstart --home c:\temp\expired-jwt
• allow the quickstart to setttle
• stop quickstart
• edit the controller config file c:\temp\expired-jwt\ctrl.yaml, find and replace 180m with 5m
• start the quickstart back up ziti edge quickstart --home c:\temp\expired-jwt
• create an identity: ziti edge create identity expired -o c:\temp\expired-jwt\expired.jwt
• wait 5+ minutes....
• ensure ziti-edge-tunnel (or zdew) installed and enroll identity: "C:\Program Files (x86)\NetFoundry Inc\Ziti Desktop Edge\ziti-edge-tunnel.exe" enroll --jwt C:\temp\expired-jwt\expired.jwt --identity C:\temp\expired-jwt\expired.json

Additional Information

ziti edge enroll c:\temp\expired-jwt\ziti-id.jwt

fails with:

failed to parse JWT: token has invalid claims: token is expired