Why is NumericDate used as the date format in JWT?

trenskow · September 22, 2020, 11:22am

I was just curious…

Why has it been chosen in the RFC, that dates are represented as seconds since UNIX epoch?

Why wasn’t either milliseconds since UNIX epoch chosen (as .getTime() of JavaScript’s Date type returns) or ISO 8601 (as .toJSON() of JavaScript’s Date type returns) – both of which the Date constructor also allows. I use JWTs quite extensively, and it has always puzzled me, as to why this format what chosen, as it is not very “JavaScript natural”.

To me JSON is JavaScript Object Notation, and therefore it makes sense to use some JavaScript native date formatting?

So, I really just wanted to ask about the rationale.

I apogolize in advance if this has been answered before.

jmangelo · September 22, 2020, 1:49pm

You’ll likely have to go ask the spec authors or try to go spelunking in the OAuth working group mailing lists to see if the rationale was ever discussed there. My opinion would be that give JSON does not mandate a specific format, a format that would have good interoperability and be commonly supported would be a good choice.

In relation to why seconds and not milliseconds, not sure, likely milliseconds precision was not required and for a format aiming to be compact that would reduce a few characters.

Topic		Replies	Views
How can I make a token expire in 30 seconds please? JWT.io expiration	3	4159	September 11, 2021
Jwt-decode in TypeScript JWT.io typescript	2	6105	August 26, 2019
Error: JWTVerificationException :: The Token can't be used before [date/time] Knowledge Articles	1	1414	July 26, 2023
Character used in JWT JWT.io	2	5857	January 18, 2019
Why is my access token an invalid format? Help apis , application	6	2594	January 13, 2024

Why is NumericDate used as the date format in JWT?

Related topics