Do what chrono does

[bakcxoj]

resolves #339

I really don't like this approach though.

Why is setting the expiration time user controlled, but not validation? I have to import chrono so I can specify a timestamp for exp, but then the validation call is a black box that does something outside of user control. IMO, there shouldn't be a get_current_timestamp call. The user should have to supply one on calling decode, the same way they do when calling encode

[Keats]

IMO, there shouldn't be a get_current_timestamp call. The user should have to supply one on calling decode, the same way they do when calling encode

That would be horrendous UX. Is there a single JWT library in any languages doing that by default? I can potentially image having it to override the current timestamp for testing purposes but it's present in many languages. I've checked node, python, ruby and .net and only node allows setting it for decode.

Getting the current timestamp has nothing to do with validation