Leeway or exp_leeway

[allavena]

Documentation mentions the parameter :exp_leeway. However, in practice, :leeway seems to be what works.

I have an expired token.

JWT.decode token2, key, true, { :exp_leeway => 1000, :algorithm => 'HS256' } # JWT::ExpiredSignature: Signature has expired

JWT.decode token2, key, true, { :leeway => 1000, :algorithm => 'HS256' } # decodes fine. 

Content of my token: [{"exp"=>1501054718, "iat"=>1501053518, "nbf"=>1501053513, "account_id"=>1193 }]

[excpt]

Thanks for the heads up in that case. The documentation is missing information in that case. exp_leeway overrides the leeway setting if both are declared.

[allavena]

Just to be clear. I think I am also saying that :leeway didn't work (or I didn't understand it).

[excpt]

ok. I will check this out.

[excpt]

@allavena Are you able to reproduce the error with version 2.0.0?