Invalidate exp when exp == now() (#797)

wcedmisten-reify · web-flow · commit 8ccb82585087 · 2022-09-23T17:14:12.000+06:00
* Invalidate exp when exp == now()

* Update changelog
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -13,6 +13,8 @@ Changed
 Fixed
 ~~~~~
 
+- Invalidate token on the exact second the token expires `#797 <https://github.com/jpadilla/pyjwt/pull/797>`_
+
 Added
 ~~~~~
 
diff --git a/jwt/api_jwt.py b/jwt/api_jwt.py
@@ -230,7 +230,7 @@ def _validate_exp(self, payload, now, leeway):
         except ValueError:
             raise DecodeError("Expiration Time claim (exp) must be an" " integer.")
 
-        if exp < (now - leeway):
+        if exp <= (now - leeway):
             raise ExpiredSignatureError("Signature has expired")
 
     def _validate_aud(self, payload, audience):

-Original file line number
+Diff line change
 Fixed
 ~~~~~
 +- Invalidate token on the exact second the token expires `#797 <https://github.com/jpadilla/pyjwt/pull/797>`_
++
 Added
 ~~~~~