[decode] Support expiration claims

Author: kylef

JWT/JWT.swift

@@ -5,13 +5,16 @@ public typealias Payload = [String:AnyObject]
 public enum InvalidToken : Printable {
   case DecodeError(String)
   case InvalidIssuer
+  case ExpiredSignature
 
   public var description:String {
     switch self {
       case .DecodeError(let error):
         return "Decode Error: \(error)"
       case .InvalidIssuer:
         return "Invalid Issuer"
+      case .ExpiredSignature:
+        return "Expired Signature"
     }
   }
 }
@@ -112,5 +115,15 @@ func validateClaims(payload:Payload, audience:String?, issuer:String?) -> Invali
       return .InvalidIssuer
     }
   }
+
+  if let exp = payload["exp"] as? NSTimeInterval {
+    let expiary = NSDate(timeIntervalSince1970: exp)
+    if expiary.compare(NSDate()) == .OrderedAscending {
+      return .ExpiredSignature
+    }
+  } else if let exp:AnyObject = payload["exp"] {
+    return .DecodeError("Expiration time claim (exp) must be an integer")
+  }
+
   return nil
 }

JWTTests/JWTTests.swift

@@ -13,7 +13,14 @@ class JWTDecodeTests : XCTestCase {
     assertDecodeError(decode("a.b"), "Not enough segments")
   }
 
-  // MARK : Issuer validation
+  // MARK: Disable verify
+
+  func testDisablingVerify() {
+    let jwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.2_8pWJfyPup0YwOXK7g9Dn0cF1E3pdn299t4hSeJy5w"
+    assertSuccess(decode(jwt, verify:false, issuer:"fuller.li"))
+  }
+
+  // MARK: Issuer claim
 
   func testSuccessfulIssuerValidation() {
     let jwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJmdWxsZXIubGkifQ.wOhJ9_6lx-3JGJPmJmtFCDI3kt7uMAMmhHIslti7ryI"
@@ -31,6 +38,26 @@ class JWTDecodeTests : XCTestCase {
     let jwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.2_8pWJfyPup0YwOXK7g9Dn0cF1E3pdn299t4hSeJy5w"
     assertFailure(decode(jwt, issuer:"fuller.li"))
   }
+
+  // MARK: Expiration claim
+
+  func testExpiredClaim() {
+    let jwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0MjgxODg0OTF9.cy6b2szsNkKnHFnz2GjTatGjoHBTs8vBKnPGZgpp91I"
+    assertFailure(decode(jwt))
+  }
+
+  func testInvalidExpiaryClaim() {
+    let jwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOlsiMTQyODE4ODQ5MSJdfQ.OwF-wd3THjxrEGUhh6IdnNhxQZ7ydwJ3Z6J_dfl9MBs"
+    assertFailure(decode(jwt))
+  }
+
+  func testUnexpiredClaim() {
+    // If this just started failing, hello 2024!
+    let jwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MjgxODg0OTF9.7QIdg6ijLJpeiG4m_TqIG9alXLhHMidWDBELkhtUqYw"
+    assertSuccess(decode(jwt)) { payload in
+      XCTAssertEqual(payload as NSDictionary, ["exp": 1728188491])
+    }
+  }
 }
 
 // MARK: Helpers

README.md

@@ -14,17 +14,18 @@ pod 'JWT'
 
 ## Usage
 
-### Verify a JWT
+### Decoding a JWT
 
 ```swift
 import JWT
 
-JWT.verify("eyJhbG...y5w")
+JWT.decode("eyJhbG...y5w")
 ```
 
 #### Supported claims
 
 - Issuer (`iss`) Claim
+- Expiration Time (`exp`) Claim
 
 ## License