Auth0 Home Blog Docs

Customizing issuedAt leeway in java library

jwt-validation
auth0-java
iat

#1

How can I adjust how much time variation the JWTVerifier will tolerate?

I see some reference to a defaultLeeway in JWTVerifier.Verification in the java library but I don't see any way to actually set it short of recreating half a dozen classes.


#2

Hi @bradmac

Though I could not understand your concern really well, still on doing a bit of research I found that there is the support to set leeway in the JWTVerfier class

Here is the reference :

/**
         * Define the default window in seconds in which the Not Before, Issued At and Expires At Claims will still be valid.
         * Setting a specific leeway value on a given Claim will override this value for that Claim.
         *
         * @param leeway the window in seconds in which the Not Before, Issued At and Expires At Claims will still be valid.
         * @return this same Verification instance.
         * @throws IllegalArgumentException if leeway is negative.
         */
        @Override
        public Verification acceptLeeway(long leeway) throws IllegalArgumentException {
            assertPositive(leeway);
            this.defaultLeeway = leeway;
            return this;
        }

For more info please visit : [https://github.com/auth0/java-jwt/blob/master/lib/src/main/java/com/auth0/jwt/JWTVerifier.java] (JWTVerifier)


#3