Support for Millisecond timestamps

Question

Support for Millisecond timestamps

BillyAB opened this issue 8 months ago · 2 comments

I am trying to use this library to verify a JWS token that is generated and supplied by a 3rd party for which I have no control over the generation of the token, I've simply been provided their private key.

When I have looked at a token they send, the "iat" and "exp" timestamps are provided in milliseconds, this causes the JWT\BeforeValidException of Cannot handle token with iat prior to 55763-11-20T08:06:45+0000

I have found that I can work around this by calling JWT::$timestamp = microtime(true) * 1000; before the JWT::decode which seems to "fix" the issue, but it seems a little hacky.

Are there any possibilities of this library being updated to check/support milliseconds for the timestamps.

Answer 1 · 2023-11-28T22:34:41.000Z

@BillyAB it seems like a one liner change on the user end. Could you please share your fix so that I can estimate the effort/complexity on users end?
A sample timestamp from the token would also help.

Answer 2 · 2023-12-02T23:34:12.000Z

@vishwarajanand I haven't got a proper fix for this myself.
I simply found a workaround of calling JWT::$timestamp = microtime(true) * 1000; before calling the JWT::decode within my code where I make use of the library to validate the token. However this makes it only work if the provided JWT token is in milliseconds, if it's then provided in seconds, it will then fail to validate.