Support timestamp values represented as strings

[bmahrkso]

I'm using version 0.7.1 (vs 2017, c++17, Win11), and as soon as it comes to JWT verification, I get a token timeout exception because iat is screwed up, but according to jwt.io it seems fine.

const std::string token = response.get();
auto decoded = jwt::decode(token);

if (decoded.has_expires_at()) {
    auto exp = decoded.get_expires_at();
    auto iat = decoded.get_issued_at(); // This is already crashing
    auto now = std::chrono::system_clock::now();
    const int i = 0;
}

const std::string secretb64 = "my-secret";
const std::string secret = jwt::base::decode<jwt::alphabet::base64>(secretb64);
jwt::verifier verifier = jwt::verify()
                             .allow_algorithm(jwt::algorithm::hs256{secret})
                             .leeway(60UL);

try {
    verifier.verify(decoded);
}
catch (const jwt::error::token_verification_exception& e) {
    const std::string errorMessage = e.what();
    intern(errorMessage);
    return L"";
}
catch (const jwt::error::signature_verification_exception& e) {
    const std::string errorMessage = e.what();
    intern(errorMessage);
    return L"";
}

"iat": "1754561127",
"nbf": 1754561127,
"exp": 1754561427,

See also token.txt

[bmahrkso]

found it, the issuing of the jwt used the wrong type for iat

[Thalhammer]

I think we should still support "broken" jwt tokens if it doesn't cause too much work. Even if we don't I think we should handle this case different because "has_issued_at" shouldn't return true if the claim is not valid.