Removed iat value check (#329)

__tests__/jwt.test.ts

@@ -210,17 +210,6 @@ describe('jwt', async () => {
       'Issued At (iat) claim must be a number present in the ID token'
     );
   });
-  it('validates iat', async () => {
-    const tomorrow = new Date();
-    tomorrow.setDate(tomorrow.getDate() + 1);
-    const id_token = await createJWT({
-      ...DEFAULT_PAYLOAD,
-      iat: tomorrow.getTime()
-    });
-    expect(() => verify({ ...verifyOptions, id_token })).toThrow(
-      'Issued At (iat) claim error in the ID token'
-    );
-  });
   it('does not validate nonce is present when options.nonce is undefined', async () => {
     const id_token = await createJWT({ ...DEFAULT_PAYLOAD, nonce: undefined });
     expect(() =>

src/jwt.ts

@@ -160,26 +160,19 @@ export const verify = (options: JWTVerifyOptions) => {
   const leeway = options.leeway || 60;
   const now = new Date();
   const expDate = new Date(0);
-  const iatDate = new Date(0);
   const nbfDate = new Date(0);
   const authTimeDate = new Date(0);
   authTimeDate.setUTCSeconds(
     (parseInt(decoded.claims.auth_time) + options.max_age) / 1000 + leeway
   );
   expDate.setUTCSeconds(decoded.claims.exp + leeway);
-  iatDate.setUTCSeconds(decoded.claims.iat - leeway);
   nbfDate.setUTCSeconds(decoded.claims.nbf - leeway);
 
   if (now > expDate) {
     throw new Error(
       `Expiration Time (exp) claim error in the ID token; current time (${now}) is after expiration time (${expDate})`
     );
   }
-  if (now < iatDate) {
-    throw new Error(
-      `Issued At (iat) claim error in the ID token; current time (${now}) is before issued at time (${iatDate})`
-    );
-  }
   if (isNumber(decoded.claims.nbf) && now < nbfDate) {
     throw new Error(
       `Not Before time (nbf) claim in the ID token indicates that this token can't be used just yet. Currrent time (${now}) is before ${nbfDate}`