ASVS Requirement 9.2.1

• Level: 1
• Chapter: V9 Self-contained Tokens
• Section: V9.2 Token content
• Source: 0x18-V9-Self-contained-Tokens.md

Description

Verify that, if a validity time span is present in the token data, the token and its content are accepted only if the verification time is within this validity time span. For example, for JWTs, the claims 'nbf' and 'exp' must be verified.