From c98a4f0296aecb862f2dda48231383cb3ec2d24c Mon Sep 17 00:00:00 2001 From: Daniel Thompson Date: Tue, 5 Nov 2024 12:56:17 +0000 Subject: [PATCH 1/2] Adding explanation for clockTolerance on JWTVerifyOptions --- docs/jwt/verify/interfaces/JWTVerifyOptions.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/jwt/verify/interfaces/JWTVerifyOptions.md b/docs/jwt/verify/interfaces/JWTVerifyOptions.md index 4a79fc3caf..c0be45be43 100644 --- a/docs/jwt/verify/interfaces/JWTVerifyOptions.md +++ b/docs/jwt/verify/interfaces/JWTVerifyOptions.md @@ -38,6 +38,9 @@ Expected clock tolerance - In seconds when number (e.g. 5) - Parsed as seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours"). +Used when validating the JWT "nbf" (Not Before) and "exp" (Expiration Time) claims, and when +validating the "iat" (Issued At) claim if the maxTokenAge option is set. + *** ### crit? From c385124ef34c5bc866b98075118238adcd175a61 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 5 Nov 2024 14:02:42 +0000 Subject: [PATCH 2/2] fixup! Adding explanation for clockTolerance on JWTVerifyOptions --- docs/jwt/decrypt/interfaces/JWTDecryptOptions.md | 5 ++++- docs/jwt/verify/interfaces/JWTVerifyOptions.md | 2 +- docs/types/interfaces/JWTClaimVerificationOptions.md | 5 ++++- src/types.d.ts | 5 ++++- 4 files changed, 13 insertions(+), 4 deletions(-) diff --git a/docs/jwt/decrypt/interfaces/JWTDecryptOptions.md b/docs/jwt/decrypt/interfaces/JWTDecryptOptions.md index 5dd4a95af6..29fff14e79 100644 --- a/docs/jwt/decrypt/interfaces/JWTDecryptOptions.md +++ b/docs/jwt/decrypt/interfaces/JWTDecryptOptions.md @@ -22,11 +22,14 @@ This option makes the JWT "aud" (Audience) Claim presence required. • `optional` **clockTolerance**: `string` \| `number` -Expected clock tolerance +Clock skew tolerance - In seconds when number (e.g. 5) - Parsed as seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours"). +Used when validating the JWT "nbf" (Not Before) and "exp" (Expiration Time) claims, and when +validating the "iat" (Issued At) claim if the maxTokenAge option is set. + *** ### contentEncryptionAlgorithms? diff --git a/docs/jwt/verify/interfaces/JWTVerifyOptions.md b/docs/jwt/verify/interfaces/JWTVerifyOptions.md index c0be45be43..9504c56605 100644 --- a/docs/jwt/verify/interfaces/JWTVerifyOptions.md +++ b/docs/jwt/verify/interfaces/JWTVerifyOptions.md @@ -33,7 +33,7 @@ This option makes the JWT "aud" (Audience) Claim presence required. • `optional` **clockTolerance**: `string` \| `number` -Expected clock tolerance +Clock skew tolerance - In seconds when number (e.g. 5) - Parsed as seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours"). diff --git a/docs/types/interfaces/JWTClaimVerificationOptions.md b/docs/types/interfaces/JWTClaimVerificationOptions.md index 4e74e38fe5..322c79ba72 100644 --- a/docs/types/interfaces/JWTClaimVerificationOptions.md +++ b/docs/types/interfaces/JWTClaimVerificationOptions.md @@ -22,11 +22,14 @@ This option makes the JWT "aud" (Audience) Claim presence required. • `optional` **clockTolerance**: `string` \| `number` -Expected clock tolerance +Clock skew tolerance - In seconds when number (e.g. 5) - Parsed as seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours"). +Used when validating the JWT "nbf" (Not Before) and "exp" (Expiration Time) claims, and when +validating the "iat" (Issued At) claim if the maxTokenAge option is set. + *** ### currentDate? diff --git a/src/types.d.ts b/src/types.d.ts index d8be520e24..9d2a3754c7 100644 --- a/src/types.d.ts +++ b/src/types.d.ts @@ -569,10 +569,13 @@ export interface JWTClaimVerificationOptions { audience?: string | string[] /** - * Expected clock tolerance + * Clock skew tolerance * * - In seconds when number (e.g. 5) * - Parsed as seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours"). + * + * Used when validating the JWT "nbf" (Not Before) and "exp" (Expiration Time) claims, and when + * validating the "iat" (Issued At) claim if the maxTokenAge option is set. */ clockTolerance?: string | number