nbf
Registry Context
Optional introspection-response field indicating the time before which the token is not to be used.
Technical Summary
RFC 7662 defines `nbf` as an optional top-level introspection-response member containing an integer timestamp measured in seconds since January 1, 1970 UTC. Its semantics are defined by the JWT `nbf` claim in RFC 7519.
When Used
When an authorization server returns not-before information about an introspected token.
Normative Requirements
Authorization servers
RFC 7519 - Section 4.1.5
represent `nbf` as a number containing a NumericDate value.
Condition: if `nbf` is present
Its value MUST be a number containing a NumericDate value.
RFC 7662 - Section 2.2
include `nbf` as a top-level introspection-response member containing an integer timestamp measured in seconds since January 1, 1970 UTC and indicating when the token is not to be used before.
nbf OPTIONAL. Integer timestamp, measured in the number of seconds since January 1 1970 UTC
implementer
RFC 7519 - Section 4.1.5
allow a small amount of leeway, usually no more than a few minutes, to account for clock skew.
Condition: when processing `nbf`
Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew.
token processor
RFC 7519 - Section 4.1.5
accept the token for processing before the time identified by `nbf`.
Condition: when applying the `nbf` semantics
the JWT MUST NOT be accepted for processing
RFC 7519 - Section 4.1.5
require the current date and time to be after or equal to the not-before date and time listed in `nbf`.
Condition: when processing `nbf`
the current date/time MUST be after or equal to the not-before date/time
Validation Guidance
Verify that `nbf`, when present, is a JSON integer timestamp measured in seconds since 1970-01-01 UTC.
Reject the token when the current time is earlier than `nbf`, subject to any configured clock-skew leeway.
Reference
Details
- Entry Id
nbf- Name
nbf- Description
Timestamp which the token is not valid before- Change Controller
IESG- Reference
RFC7662 - Section 2.2