Test-PodeJwt exp and nbf validation incorrect

[avin3sh]

Describe the Bug

Test-PodeJwt, responsible for validating JWT payload when using JWT auth scheme will return The JWT has expired in certain scenarios based on the machine's local timezone even though the JWT expiry is in future.

Steps To Reproduce

This can be reproduced by enabling JWT authentication, and changing the machine timezone ahead of UTC.

Expected Behavior

If JWT exp is in future, Pode should not return The JWT has expired

Platform

• OS: Windows
• Browser: Chrome, Firefox
• Versions:
  • Pode: Pode v2.8.0
  • PowerShell: PS5.1, PS 7.2.4

Additional Context

As per the definition of NumericDate in rfc7519 exp and nbf should represent "...number of seconds from 1970-01-01T00:00:00Z UTC...".

However, given the following initialization in Cryptography.ps1

Pode/src/Private/Cryptography.ps1

Lines 264 to 265 in 9b1456e

	$now = [datetime]::Now
	$unixStart = [datetime]::new(1970, 1, 1)

The Kind for these objects will be Local and Unspecified respectively.

As per Remarks in DateTime.Equality documentation,

The Equality operator determines whether two DateTime values are equal by comparing their number of ticks. Before comparing DateTime objects, make sure that the objects represent times in the same time zone. You can do this by comparing the values of their Kind property.

The value for Ticks property would be different when DateTimeKind is specified, vs. when it is not

PS C:> ([datetime]::new(1970, 1, 1)).Ticks
621355968000000000
PS C:> ([datetime]::new(1970, 1, 1, 0, 0, [DateTimeKind]::Utc)).Ticks
621355968010000000

This makes the existing implementation of JWT validation invalid. This could be fixed by initializing $now as UtcNow and using the overload that allows specifying DateTimeKind for $unixStart. I will share a PR for this shortly in case it is helpful.