JWT doesn't accept some valid JSON number formats


#1

The JSON library I am using encodes large numbers using exponent notation which is valid JSON, but is not accepted by GitHub when decoding the JWT I sent.

{"iat":1.487721468166353e9 ... }

I receive this error from GitHub

"{\"message\":\"'Issued at' claim ('iat') must be a numeric value representing the time that the assertion was issued\",\"documentation_url\":\"https://developer.github.com/v3\"}"

#2

I think it needs a Number, and will not work with a Float? According to this comment anyways.


#3

The JSON spec doesn’t make a distinction between numbers and floats. I don’t think the JWT spec requires whole numbers either.


#4

:wave: Hi @asariley and @tathagatbanerjee

The JWT validation requires an Integer. We’re in the process of updating the error message to be more specific about what the numeric type required. Please let us know if you have any further questions.


#5