diff --git a/pycognito/__init__.py b/pycognito/__init__.py
index b6a52ef6..bd28318a 100644
--- a/pycognito/__init__.py
+++ b/pycognito/__init__.py
@@ -260,6 +260,7 @@ def verify_token(self, token, id_name, token_use):
issuer=self.user_pool_url,
options={
"require": required_claims,
+ "verify_iat": False,
},
)
except jwt.PyJWTError as err:
@@ -274,6 +275,14 @@ def verify_token(self, token, id_name, token_use):
f"Your {id_name!r} token use ({token_use!r}) could not be verified."
)

+ if (iat := verified.get("iat")) is not None:
+ try:
+ int(iat)
+ except ValueError as execption:
+ raise TokenVerificationException(
+ f"Your {id_name!r} token's iat claim is not a valid integer."
+ ) from execption
+
# Compute and verify at_hash (formerly done by python-jose)
if "at_hash" in verified:
alg_obj = jwt.get_algorithm_by_name(header["alg"])
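Review bot: The replacement `iat` check in the second hunk catches only `ValueError`, so a claim of a non-numeric type (a list or dict in the JSON payload, for instance) makes `int(iat)` raise `TypeError`, which escapes `verify_token` instead of becoming a `TokenVerificationException` like every other claim failure in this function; change it to `except (TypeError, ValueError) as exc:` and `) from exc` (which also fixes the `execption` typo). With `"verify_iat": False` in the first hunk, PyJWT no longer applies any of its own issued-at validation, and `int(iat)` only proves the value is int-coercible (a float or numeric string passes) — it does not check that the token was not issued in the future, which I believe PyJWT's `verify_iat` did before; if the intent is only to tolerate non-integer `iat` values, a bound such as `int(iat) <= now + leeway` would preserve that property. A one-line comment above the option stating why the built-in check is disabled, e.g. `# Cognito may emit a non-integer iat; validated manually below`, would keep the next reader from re-enabling it. The enclosing `verify_token` starts before the first hunk and continues past the second.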