njwt icon indicating copy to clipboard operation
njwt copied to clipboard
verified publisher icon jwtk

Add NBF clock tolerance

Open davidbonting opened this issue 6 years ago • 2 comments

Sometimes the server clock time differs between machines. That's why we needed some tolerance within the NBF. So I looked at node-jsonwebtoken and implemented the same kind of functionality.

This fork fits our needs, but if we want to release this we probably want to change this part:

    if(args.length===4){
      verifier.setNbfTolerance(args[3]);

      if(args[2]==null){
        verifier.setSigningAlgorithm('none');
      }else{
        verifier.setSigningAlgorithm(args[2]);
      }

      if(args[1]==null){
        verifier.setSigningKey('');
      }else{
        verifier.setSigningKey(args[1]);
      }
    }

and

nJwt.verify(token,null,null,1000,function(err){

It's kind of ugly. Yet I don't know how to solve it without completely changing that function (without creating a breaking change).

davidbonting avatar Apr 01 '19 14:04 davidbonting

Coverage Status

Coverage decreased (-0.7%) to 99.288% when pulling 5c4fb61574723af2e795fa8c5ff56090f011d056 on davidbonting:feature/nbf-clocktolerance into c334bf3d57a43a2e6c0c8758b3faed7071460539 on jwtk:master.

coveralls avatar Apr 01 '19 14:04 coveralls

Coverage Status

Coverage decreased (-0.7%) to 99.288% when pulling 5c4fb61574723af2e795fa8c5ff56090f011d056 on davidbonting:feature/nbf-clocktolerance into c334bf3d57a43a2e6c0c8758b3faed7071460539 on jwtk:master.

coveralls avatar Apr 01 '19 14:04 coveralls