Hello all!
Given the following base64 payload (no header/signature here):
eyJqdGkiOiIzZjk2NTViYy1hODAyLTRjNmQtYjUyMS0xMTQxY2NjMzI5YjQiLCJleHAiOjE1NzI3OTE5NDEsIm5iZiI6MCwiaWF0IjoxNTcwMTk5OTQxLCJpc3MiOiJodHRwczovL3Nzby5yZWMuZ2FsZWMuZnIvYXV0aC9yZWFsbXMvYmFzZWluZm9zbWFnLXJlYyIsImF1ZCI6ImJhc2VpbmZvc21hZy1zaXRlLXVuaXF1ZS1jbGllbnQiLCJzdWIiOiI2ZTE5ODQzOS03YjMyLTQ2MjMtOTY5Mi1mMmI0YWYwODE0ZGMiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJiYXNlaW5mb3NtYWctc2l0ZS11bmlxdWUtY2xpZW50IiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiZTY3YTk4NTAtMGFmMS00N2RhLThjMzgtNzY0ZTNiNDljOTk3IiwiYWNyIjoiMSIsImFsbG93ZWQtb3JpZ2lucyI6W10sInJlc291cmNlX2FjY2VzcyI6e30sImNsaWVudElkIjoiYmFzZWluZm9zbWFnLXNpdGUtdW5pcXVlLWNsaWVudCIsIm5iZiI6MTU2OTk5Mzc5MSwiY2xpZW50SG9zdCI6IjE5Mi4xNjguMzIuMTMzIiwiaHR0cHM6Ly9oYXN1cmEuaW8vand0L2NsYWltcyI6eyJ4LWhhc3VyYS1hbGxvd2VkLXJvbGVzIjpbImVkaXRvciIsInVzZXIiLCJtb2QiXSwieC1oYXN1cmEtZGVmYXVsdC1yb2xlIjoidXNlciIsIngtaGFzdXJhLXVzZXItaWQiOiIxMjM0NTY3ODkwIiwieC1oYXN1cmEtb3JnLWlkIjoiMTIzIiwieC1oYXN1cmEtY3VzdG9tIjoiY3VzdG9tLXZhbHVlIn0sImF1dGhfdGltZSI6MTU2OTkxMTUwMywicHJlZmVycmVkX3VzZXJuYW1lIjoic2VydmljZS1hY2NvdW50LWJhc2VpbmZvc21hZy1zaXRlLXVuaXF1ZS1jbGllbnQiLCJjbGllbnRBZGRyZXNzIjoiMTkyLjE2OC4zMi4xMzMiLCJlbWFpbCI6InNlcnZpY2UtYWNjb3VudC1iYXNlaW5mb3NtYWctc2l0ZS11bmlxdWUtY2xpZW50QHBsYWNlaG9sZGVyLm9yZyJ9
If I paste that on JWT.io, nbf and auth_time will have correct values.
However, if I paste that on base64decode.org, nbf and auth_time fields will have values = 0.
How would you explain that?
I’m going crazy on it for 1 week!
We were testing our tokens with JWT.io and did not understand until today why they were not working with Google Cloud Endpoints, which does not accept tokens if nbf = 0.
Thanks for your help!