`verify_expiration` was removed too soonbring-verify_expiration-back

- Merge with `verify_exp` option
- Add deprecation warning

2 files changed, 27 insertions, 0 deletions

diff --git a/jwt/api_jwt.py b/jwt/api_jwt.py
index 4a8a3ae..c1bc058 100644
--- a/jwt/api_jwt.py
+++ b/jwt/api_jwt.py
@@ -1,4 +1,5 @@
 import json
+import warnings
 
 from calendar import timegm
 from collections import Mapping
@@ -74,6 +75,12 @@ class PyJWT(PyJWS):
 
     def _validate_claims(self, payload, audience=None, issuer=None, leeway=0,
                          options=None, **kwargs):
+
+        if 'verify_expiration' in kwargs:
+            options['verify_exp'] = kwargs.get('verify_expiration', True)
+            warnings.warn('The verify_expiration parameter is deprecated. '
+                          'Please use options instead.', DeprecationWarning)
+
         if isinstance(leeway, timedelta):
             leeway = timedelta_total_seconds(leeway)
 
diff --git a/tests/test_api_jwt.py b/tests/test_api_jwt.py
index 8b2b852..4361d6e 100644
--- a/tests/test_api_jwt.py
+++ b/tests/test_api_jwt.py
@@ -419,3 +419,23 @@ class TestJWT:
         payload = jwt.decode(token, 'secret')
 
         assert payload == {'some_decimal': 'it worked'}
+
+    def test_decode_with_verify_expiration_kwarg(self, jwt, payload):
+        payload['exp'] = utc_timestamp() - 1
+        secret = 'secret'
+        jwt_message = jwt.encode(payload, secret)
+
+        pytest.deprecated_call(
+            jwt.decode,
+            jwt_message,
+            secret,
+            verify_expiration=False
+        )
+
+        with pytest.raises(ExpiredSignatureError):
+            pytest.deprecated_call(
+                jwt.decode,
+                jwt_message,
+                secret,
+                verify_expiration=True
+            )