http_jwt: update documentation

Signed-off-by: Robert Stepanek <rsto@fastmailteam.com>
cyrusimap · Jun 7, 2023 · 2538b82 · 2538b82
1 parent c745a73
commit 2538b82
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 1 deletion.
diff --git a/changes/next/http_jwt_timeclaims b/changes/next/http_jwt_timeclaims
@@ -0,0 +1,18 @@
+Description:
+
+Adds support for the "exp" and "nbf" to JSON Web Token claims. Thanks to Bruno Thomas (bamthomas).
+
+
+Config changes:
+
+None.
+
+
+Upgrade instructions:
+
+None.
+
+
+GitHub issue:
+
+https://github.com/cyrusimap/cyrus-imapd/pull/4515
diff --git a/lib/imapoptions b/lib/imapoptions
@@ -1148,9 +1148,12 @@ Blank lines and lines beginning with ``#'' are ignored.
    "iat" claim of the JWS Payload and ends after the duration of this
    option value has passed. Tokens without an "iat" claim,
    or with an issue date in the future, are rejected. There is no leeway
-   for clock skew.
+   for clock skew. Starting from Cyrus version 3.8, the "iat" claim
+   only is validated if no "exp" claim is present.
 
    The zero value disables validation of the "iat" JWS claim.
+
+   Starting from Cyrus 3.8, the "nbf" and "exp" claims always are validated.
 */
 
 { "icalendar_max_size", "0", BYTESIZE, "3.8.0" }