fix: allow 0 in auth_time

Author: alirezameskinmi

src/index.ts

@@ -3549,7 +3549,7 @@ async function processGenericAccessTokenResponse(
     if (claims.auth_time !== undefined) {
       assertNumber(
         claims.auth_time,
-        false,
+        true,
         'ID Token "auth_time" (authentication time)',
         INVALID_RESPONSE,
         { claims },
@@ -5186,7 +5186,7 @@ async function validateHybridResponse(
   if (claims.auth_time !== undefined) {
     assertNumber(
       claims.auth_time,
-      false,
+      true,
       'ID Token "auth_time" (authentication time)',
       INVALID_RESPONSE,
       { claims },

test/authorization_code.test.ts

@@ -777,7 +777,7 @@ test('processAuthorizationCodeResponse() nonce checks', async (t) => {
 test('processAuthorizationCodeResponse() auth_time checks', async (t) => {
   const tIssuer: lib.AuthorizationServer = { ...issuer, jwks_uri: endpoint('jwks') }
 
-  for (const auth_time of [0, -1, null, '1', [], {}, true]) {
+  for (const auth_time of [-1, null, '1', [], {}, true]) {
     await t.throwsAsync(
       lib.processAuthorizationCodeResponse(
         tIssuer,