def validate_nbf(self, now, leeway):
    """Validate the optional "nbf" (not before) claim.

    A token must not be accepted for processing before the time given in
    "nbf": the current time has to be equal to or later than that value.
    When present, the claim must be a number holding a NumericDate value.

    A small leeway (usually no more than a few minutes) may be granted to
    absorb clock skew between servers. Every second of leeway also widens
    the window in which a not-yet-valid token is accepted, so keep it small.

    :param now: current time, in seconds past the Unix Epoch
    :param leeway: tolerated clock skew, in seconds
    :raises InvalidClaimError: if "nbf" is present but not a numeric time
    :raises InvalidTokenError: if "nbf" lies beyond ``now + leeway``
    """
    # The claim is optional: without it there is nothing to check.
    if 'nbf' not in self:
        return

    not_before = self['nbf']

    # Reject malformed values before comparing them against the clock.
    if not _validate_numeric_time(not_before):
        raise InvalidClaimError('nbf')

    latest_acceptable = now + leeway
    if not_before > latest_acceptable:
        raise InvalidTokenError()
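def validate_iat(self, now, leeway) -> None:
    """
    Overloaded implementation of the 'validate_iat' method in the AuthLib default 'JWTClaims' class.

    Differences include:
    - checking the claim value is not later than now (plus leeway), to ensure a token has
      already been issued and is 'in force'; a token dated in the future is rejected

    Note: Validating the 'issued at' claim in this way is not required when validating a token,
    according to RFC7519, the JWT RFC. We do so because it makes logical sense with the way our
    OAuth provider (Azure) works.

    A token without an 'iat' claim is not checked here. The previous code fell through to the
    time comparison with ``None`` and raised ``TypeError`` instead of a claim/token error.

    :type now: float
    :param now: current time, in the form of seconds past the Unix Epoch
    :type leeway: float
    :param leeway: a time delta in seconds to allow for clock skew between servers (i.e. a margin of error)
    :raises InvalidClaimError: if 'iat' is present but is not an integer
    :raises InvalidTokenError: if 'iat' is later than ``now + leeway``
    """
    iat = self.get('iat')

    if iat is None:
        # NOTE(review): absence is tolerated here. If 'iat' must be present, enforce that
        # through the claims options (e.g. marking the claim essential); confirm against
        # how this class is configured by its callers.
        return

    # Type-check every present value, including falsy ones such as '' that the old
    # truthiness test skipped. bool is a subclass of int, so exclude it explicitly:
    # a JSON true/false is not a NumericDate.
    if isinstance(iat, bool) or not isinstance(iat, int):
        raise InvalidClaimError('iat')

    # A token issued "in the future" (beyond the allowed clock skew) is not yet in force.
    if iat > (now + leeway):
        raise InvalidTokenError()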