lib/jwt.rb in jwt-1.2.0 vs lib/jwt.rb in jwt-1.2.1
- old
+ new
@@ -97,22 +97,22 @@
def decode(jwt, key=nil, verify=true, options={}, &keyfinder)
raise JWT::DecodeError.new("Nil JSON web token") unless jwt
header, payload, signature, signing_input = decoded_segments(jwt, verify)
raise JWT::DecodeError.new("Not enough or too many segments") unless header && payload
-
+
default_options = {
:verify_expiration => true,
:leeway => 0
}
options = default_options.merge(options)
-
+
if verify
algo, key = signature_algorithm_and_key(header, key, &keyfinder)
verify_signature(algo, key, signing_input, signature)
end
if options[:verify_expiration] && payload.include?('exp')
- raise JWT::ExpiredSignature.new("Signature has expired") unless payload['exp'] > (Time.now.to_i - options[:leeway])
+ raise JWT::ExpiredSignature.new("Signature has expired") unless payload['exp'].to_i > (Time.now.to_i - options[:leeway])
end
return payload,header
end
def signature_algorithm_and_key(header, key, &keyfinder)