Changed
This update adds a new configuration variable
use_microseconds. It defaults totrueeven if it does not exist so that it does not break backwards compatibility. If you set it tofalsetheDateTimeImmutableobject that we pass toissuedAt()&expiresAt()will be built without microseconds.By removing the microseconds from the
DateTimeImmutableobject, we are letting thelcobucci/jwtpackage know that we want anintand not afloat. You can see this logic in the MicrosecondBasedDateConversion class thatlcobucci/jwtuses to covert allRegisteredClaims::DATE_CLAIMS.The reason that I think this is need this is because the specification can be interpreted as calling for seconds and not seconds with microseconds. The description for "iat" (Issued At) Claim calls for a "NumericDate value" which is defined at the bottom of the Terminology section. That definition even links to IEEE Std 1003.1, 2013 Edition, 2013 which clearly notes, "The divisions in the formula are integer divisions; that is,