From f98168bab60bf1748ea29749e18ba57a9edeb1fe Mon Sep 17 00:00:00 2001
From: Francis Lavoie <lavofr@gmail.com>
Date: Thu, 7 Mar 2024 13:59:41 -0500
Subject: [PATCH] `nbf` should be allowed to be equal to `iat`

---
 src/lib/parse.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lib/parse.ts b/src/lib/parse.ts
index 9d625b2..3bd5808 100644
--- a/src/lib/parse.ts
+++ b/src/lib/parse.ts
@@ -289,7 +289,7 @@ export function parsePayload(payload: string | Payload | Uint8Array, {
             throw new PasetoClaimInvalid("Payload must have a valid \"nbf\" claim (is not an date or a valid relative time string (e.g. \"1 hour\"))");
         }
         // The "nbf" claim must be greater than the "iat" claim
-        if (obj.hasOwnProperty("iat") && nbf <= Date.parse((obj as any).iat)) {
+        if (obj.hasOwnProperty("iat") && nbf < Date.parse((obj as any).iat)) {
             throw new PasetoClaimInvalid("Payload must have a valid \"nbf\" claim (is not greater than \"iat\")");
         }
         // The "nbf" claim must not be in the future
@@ -385,4 +385,4 @@ export function deriveEncryptionAndAuthKeys(key: Uint8Array, nonce: Uint8Array)
         counterNonce,
         authKey,
     }
-}
\ No newline at end of file
+}