Skip to content

Commit

Permalink
Not Before (nbf) calculated based on iat/timestamp (auth0#437)
Browse files Browse the repository at this point in the history 
fix auth0#435
  • Loading branch information
@MitMaro @ziluvatar
MitMaro authored and ziluvatar committed Jan 19, 2018
1 parent 25e0e62 commit 2764a64
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 2 deletions.
2 changes: 1 addition & 1 deletion sign.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -145,7 +145,7 @@ module.exports = function (payload, secretOrPrivateKey, options, callback) {
}

if (typeof options.notBefore !== 'undefined') {
payload.nbf = timespan(options.notBefore);
payload.nbf = timespan(options.notBefore, timestamp);
if (typeof payload.nbf === 'undefined') {
return failure(new Error('"notBefore" should be a number of seconds or string representing a timespan eg: "1d", "20h", 60'));
}
Expand Down
11 changes: 10 additions & 1 deletion test/iat.tests.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,4 +12,13 @@ describe('iat', function () {
expect(result.exp).to.be.closeTo(iat + expiresIn, 0.2);
});

});
it('should work with a nbf calculated based on numeric iat', function () {
var dateNow = Math.floor(Date.now() / 1000);
var iat = dateNow - 30;
var notBefore = -50;
var token = jwt.sign({foo: 123, iat: iat}, '123', {notBefore: notBefore});
var result = jwt.verify(token, '123');
expect(result.nbf).to.equal(iat + notBefore);
});

});

0 comments on commit 2764a64

Please sign in to comment.