Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

stop adding iat in payload (optional claim) #112

Open
wants to merge 3 commits into
base: master
Choose a base branch
from

Conversation

jbidzik
Copy link

@jbidzik jbidzik commented Nov 24, 2016

fix #111
As mentioned in RFC7519, iat is an optional claim.
If iat is added in payload, token that does not contains iat will never pass signature verification.

@odino
Copy link
Contributor

odino commented Jan 9, 2017

hey @jbidzik will this create backward compatibility problems?

@odino
Copy link
Contributor

odino commented Jan 9, 2017

Also, sorry for the delay for having a look at this....busy :P

@jbidzik
Copy link
Author

jbidzik commented Jan 19, 2017

@odino i dont think this will create BC break because we stop adding iat on both token generation and validation.
However, if someone want to add iat claim, its not possible anymore.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

SimpleJWS verification fails if no iat claim
2 participants