Merge pull request #8 from francislavoie/patch-1

`nbf` should be allowed to be equal to `iat`
auth70 · Mar 7, 2024 · 1699604 · 1699604
2 parents 72c5fe0 + f98168b
commit 1699604
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/lib/parse.ts b/src/lib/parse.ts
@@ -289,7 +289,7 @@ export function parsePayload(payload: string | Payload | Uint8Array, {
  throw new PasetoClaimInvalid("Payload must have a valid \"nbf\" claim (is not an date or a valid relative time string (e.g. \"1 hour\"))");
  }
  // The "nbf" claim must be greater than the "iat" claim
- if (obj.hasOwnProperty("iat") && nbf <= Date.parse((obj as any).iat)) {
+ if (obj.hasOwnProperty("iat") && nbf < Date.parse((obj as any).iat)) {
  throw new PasetoClaimInvalid("Payload must have a valid \"nbf\" claim (is not greater than \"iat\")");
  }
  // The "nbf" claim must not be in the future
@@ -385,4 +385,4 @@ export function deriveEncryptionAndAuthKeys(key: Uint8Array, nonce: Uint8Array)
  counterNonce,
  authKey,
  }
-}
+}