def validate_nbf(self, now, leeway):
"""The "nbf" (not before) claim identifies the time before which the JWT
MUST NOT be accepted for processing. The processing of the "nbf"
claim requires that the current date/time MUST be after or equal to
the not-before date/time listed in the "nbf" claim. Implementers MAY
provide for some small leeway, usually no more than a few minutes, to
account for clock skew. Its value MUST be a number containing a
NumericDate value. Use of this claim is OPTIONAL.
"""
if 'nbf' in self:
nbf = self['nbf']
if not _validate_numeric_time(nbf):
raise InvalidClaimError('nbf')
if nbf > (now + leeway):
raise InvalidTokenError()
def validate_iat(self, now, leeway) -> None:
"""
Overloaded implementation of the 'validate_iat' method in the AuthLib default 'JWTClaims' class.
Differences include:
- checking the claim value is after now, to ensure a token has been issued and is 'in force'
Note: Validating the 'issued at' claim in this way is not required when validating a token, according to
RFC7519, the JWT RFC. We do so because it makes logical sense with the way our OAuth provider (Azure) works.
:type now: float
:param now: current time, in the form of seconds past the Unix Epoch
:type leeway: float
:param leeway: a time delta in seconds to allow for clock skew between servers (i.e. a margin of error)
"""
iat = self.get('iat')
if iat and not isinstance(iat, int):
raise InvalidClaimError('iat')
if iat > (now + leeway):
raise InvalidTokenError()