Missing leeway as present on the Android SDK

[ppamorim]

Checklist

• I have looked into the Readme and have not found a suitable solution or answer.
• I have searched the issues and have not found a suitable solution or answer.
• I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• I agree to the terms within the Auth0 Code of Conduct.

Describe the problem you'd like to have solved

Hi,

I noted that the Swift version of this library doesn't contain the leeway value as it's present on the auth0/JWTDecode.Android:

https://github.com/auth0/JWTDecode.Android/blob/ec4b54496e684c5fb9e65f5ebb36e6241ef46161/lib/src/main/java/com/auth0/android/jwt/JWT.java#L161-L171

The issue in this source code can be found here:

JWTDecode.swift/JWTDecode/JWTDecode.swift

Line 54 in 75d29dc

return date.compare(Date()) != ComparisonResult.orderedDescending

Is that right? Shouldn't the libraries behave the same between the platforms?

Regards

Describe the ideal solution

Transform the value expired into a function that allow a leeway time, example:

struct JWT {

    var expiresAt: Date?
    //...

    var expired: Bool {
        self.expired()
    }

    func expired(leeway: Int = 0) -> Bool {
        guard let date = self.expiresAt else {
            return false
        }
        return date.compare(applyLeeway(Date(), leeway)) != ComparisonResult.orderedDescending
    }

    private func applyLeeway(_ date: Date, _ leeway: Int) -> Date {
        return date //// + leeway
    }

}

Alternatives and current workarounds

While it's possible to modify the expiredAt, I don't believe it should be done as it's modifying the JWT content.

Additional context

No response

[Widcket]

Hi @ppamorim,

Thanks for raising this. Unfortunately, changing the existing expired property into a function would be a breaking change. We'll keep this in mind though; we might add a new function and deprecate the property.