ignoreIat still tries to validate the content of the iat claim - could this be skipped?

[ccpulse]

The provider of the JWT I'm trying to verify has provided string values for several of the timestamp fields (iat, nfb etc) which currently cause the verify method to fail - even with the ignoreIat field set. Would it be possible to change this behaviour to only validate fields which are going to be used for the verification?

[panva]

@ccpulse it causes the method to fail on purpose and as documented - ignoreIat: true skips only the time validation, but the token must still be a valid JWT.

May I recommend to use the JWS interface (does not do any IANA claim type validations) and manually validate the returned payload claims until your provider issuer produces a valid JWT?