optional date claims

[nelz9999]

Solves #219

[CLAassistant]

All committers have signed the CLA.

[nelz9999]

Aww jeez, t.Run(...) doesn't exist pre-1.7. 😢 I'll have to tidy that up later tonight.

[mcpherrinm]

1.7 is pretty old at this point. Seems fine to just bump the requirements up to something more recent.

[mcpherrinm]

sorry, I accidentally pressed "close and comment" instead of just "comment"

[nelz9999]

Bumping to 1.7 seems like a bigger breaking change than I feel empowered to make. I'll probably just make my tests work in pre-1.7, and let the low-version policy decision be handled elsewhere.

[csstaub]

Go 1.7 came out in August 2016, seems reasonable to bump that requirement.

Here's a PR for it to rebase on: #221

[nelz9999]

Rebased, and it seems to have passed!

[csstaub]

This looks good, thank you @nelz9999!

One concern I have that I'd like input on: some callers might want to enforce the presence of an expiration in the token. This was previously enforced (though not on purpose I suppose) but now isn't. It's probably sufficient to make this clear in the release notes, but maybe this is something we'd want to support in the API. Any thoughts or opinions on this?

[nelz9999]

some callers might want to enforce the presence of an expiration in the token

This is a little related to the scenario I'm programming against right now. My feeling is that much like non-standard claims, if the caller wants to verify things surpassing the requirements of the spec, they should do that on their own. And I believe the JSONWebToken.Claims(...) decoding into arbitrary structs is a fine affordance for that.

[nelz9999]

And now I'm gonna be a little annoying... D'you have any idea when this might be released? 😇

[csstaub]

Soon, I just have to type up release notes and such

[csstaub]

Voilà: https://github.com/square/go-jose/releases/tag/v2.3.0