nbf: Defines the time before which the JWT MUST NOT be accepted for processing
I found this definition of nbf in JSON Web Tokens, but I am still wondering what the usage of nbf is. Why do we use it? Does it relate to security?
Any ideas would be appreciated.
"nbf" (Not Before) Claim: The "nbf" (not before) claim identifies the time before which the JWT MUST NOT be accepted for processing. The processing of the "nbf" claim requires that the current date/time MUST be after or equal to the not-before date/time listed in the "nbf" claim.
nbf (Not Before) Claim — Identifies the time before which the JWT token MUST NOT be accepted for processing. exp (Expiration Time) — Identifies the expiration time on or after which the JWT MUST NOT be accepted for processing.
JWT, or JSON Web Token, is an open standard used to share security information between two parties — a client and a server. Each JWT contains encoded JSON objects, including a set of claims. JWTs are signed using a cryptographic algorithm to ensure that the claims cannot be altered after the token is issued.
Figure 1 shows that a JWT consists of three parts: a header, payload, and signature.
It definitely is up to how you interpret the time.
One of the possible scenarios I could make up is, literally, when a token must last from some particular point in time until another point in time.
Say you're selling some API or resource, and a client purchased access that lasts for one hour and starts tomorrow at midday.
So you issue a JWT with:
iat set to now
nbf set to tomorrow 12:00pm
exp set to tomorrow 1:00pm
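How a verifier would enforce that window, as an added example that is not part of the original answer: a standard-library HS256 token carrying the three claims above, checked with the "after or equal" rule for nbf and the "on or after" rule for exp. The key, the `sub` value, the fixed "now", the use of UTC and the `leeway` parameter for clock skew are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json
from datetime import datetime, timedelta, timezone

KEY = b"constructed-demo-key"  # constructed sample secret, not a real key

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(claims: dict, key: bytes = KEY) -> str:
    """Build a compact HS256 JWT from the given claims."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def verify(token: str, now: datetime, key: bytes = KEY, leeway: int = 0) -> dict:
    """Return the claims, or raise ValueError if the token must not be accepted."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(_unb64(head))
        good = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        sig_ok = hmac.compare_digest(good, _unb64(sig))
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256" or not sig_ok:
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))  # parsed only after the signature check
    ts = now.timestamp()               # `now` must be timezone-aware
    # nbf: current time MUST be after or equal to nbf (leeway absorbs clock skew)
    if "nbf" in claims and ts + leeway < claims["nbf"]:
        raise ValueError("token not yet valid (nbf)")
    # exp: MUST NOT be accepted on or after exp
    if "exp" in claims and ts - leeway >= claims["exp"]:
        raise ValueError("token expired (exp)")
    return claims

# The scenario from the answer: issued now, usable tomorrow 12:00-13:00 (UTC assumed).
NOW = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed "now"
START = (NOW + timedelta(days=1)).replace(hour=12)
TOKEN = issue({"sub": "client-42", "iat": int(NOW.timestamp()),
               "nbf": int(START.timestamp()),
               "exp": int((START + timedelta(hours=1)).timestamp())})
```

The token is already signed and in the client's hands a day early, but `verify` refuses it until `START`; a small `leeway` keeps a verifier whose clock runs a few seconds behind the issuer from rejecting a token that has just become valid.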