nbf should be allowed to be equal to iat

francislavoie · web-flow · commit f98168bab60b · 2024-03-07T13:59:41.000-05:00
diff --git a/src/lib/parse.ts b/src/lib/parse.ts
@@ -289,7 +289,7 @@ export function parsePayload(payload: string | Payload | Uint8Array, {
             throw new PasetoClaimInvalid("Payload must have a valid \"nbf\" claim (is not an date or a valid relative time string (e.g. \"1 hour\"))");
         }
         // The "nbf" claim must be greater than the "iat" claim
-        if (obj.hasOwnProperty("iat") && nbf <= Date.parse((obj as any).iat)) {
+        if (obj.hasOwnProperty("iat") && nbf < Date.parse((obj as any).iat)) {
             throw new PasetoClaimInvalid("Payload must have a valid \"nbf\" claim (is not greater than \"iat\")");
         }
         // The "nbf" claim must not be in the future
@@ -385,4 +385,4 @@ export function deriveEncryptionAndAuthKeys(key: Uint8Array, nonce: Uint8Array)
         counterNonce,
         authKey,
     }
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -289,7 +289,7 @@ export function parsePayload(payload: string \| Payload \| Uint8Array, {`
`289`	`289`	`throw new PasetoClaimInvalid("Payload must have a valid \"nbf\" claim (is not an date or a valid relative time string (e.g. \"1 hour\"))");`
`290`	`290`	`}`
`291`	`291`	`// The "nbf" claim must be greater than the "iat" claim`
`292`		`- if (obj.hasOwnProperty("iat") && nbf <= Date.parse((obj as any).iat)) {`
	`292`	`+ if (obj.hasOwnProperty("iat") && nbf < Date.parse((obj as any).iat)) {`
`293`	`293`	`throw new PasetoClaimInvalid("Payload must have a valid \"nbf\" claim (is not greater than \"iat\")");`
`294`	`294`	`}`
`295`	`295`	`// The "nbf" claim must not be in the future`
`@@ -385,4 +385,4 @@ export function deriveEncryptionAndAuthKeys(key: Uint8Array, nonce: Uint8Array)`
`385`	`385`	`counterNonce,`
`386`	`386`	`authKey,`
`387`	`387`	`}`
`388`		`-}`
	`388`	`+}`