authorWilliam Edmisten <91079455+wcedmisten-reify@users.noreply.github.com>2022-09-23 07:14:12 -0400
committerGitHub <noreply@github.com>2022-09-23 17:14:12 +0600
commit8ccb8258508721f67fb3bb0678080111ef22d6d3 (patch)
tree9fa27a2f39261286cf13cc038219fd23a7677e10
parent1cba0db67870b80ab386476e96657c2098ff5816 (diff)
downloadpyjwt-8ccb8258508721f67fb3bb0678080111ef22d6d3.tar.gz
Invalidate exp when exp == now() (#797)
* Invalidate exp when exp == now() * Update changelog
-rw-r--r--CHANGELOG.rst2
-rw-r--r--jwt/api_jwt.py2
2 files changed, 3 insertions, 1 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index fb936fd..2432203 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -13,6 +13,8 @@ Changed
Fixed
~~~~~
+- Invalidate token on the exact second the token expires `#797 <https://github.com/jpadilla/pyjwt/pull/797>`_
+
Added
~~~~~
diff --git a/jwt/api_jwt.py b/jwt/api_jwt.py
index 91a6d2e..a391793 100644
--- a/jwt/api_jwt.py
+++ b/jwt/api_jwt.py
@@ -230,7 +230,7 @@ class PyJWT:
except ValueError:
raise DecodeError("Expiration Time claim (exp) must be an" " integer.")
- if exp < (now - leeway):
+ if exp <= (now - leeway):
raise ExpiredSignatureError("Signature has expired")
def _validate_aud(self, payload, audience):
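Review bot: The new inclusive comparison `if exp <= (now - leeway):` has no comment explaining why the boundary is inclusive, and the diffstat shows no test file in this commit, so a later cleanup could revert it to `<` without anything failing. I would add a comment above the check such as `# RFC 7519 section 4.1.4: the current time MUST be before exp, so exp == now - leeway is already expired`. A regression test that decodes a token whose `exp` equals the current second with zero leeway and expects `ExpiredSignatureError` would pin the behaviour. The hunk does not show how `now` is computed, so it is worth confirming that it is truncated to whole seconds, as `exp` is required to be an integer. The enclosing validation method starts above the hunk.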