Home

NBF

Not Before (nbf) is a registered claim defined for JSON Web Tokens (JWT) by RFC 7519. It specifies the time before which the token must not be accepted for processing, effectively delaying when a token becomes valid. The value is a numeric date expressed as the number of seconds since the Unix epoch (UTC) and uses the same time format as the exp (expiration time) and iat (issued at) claims. If the nbf claim is present, the token should not be considered valid before that time; if it is absent, there is no lower time bound imposed by this claim.

During token validation, the relying party compares the current time to the nbf value. The token should

nbf exists alongside other time-based claims such as exp and iat. A token is typically considered valid

Security considerations include ensuring accurate time sources and consistent time synchronization, and avoiding reliance on client-side

See also: JSON Web Tokens, RFC 7519, registered claims, clock skew, exp, iat.

be
rejected
if
the
current
time
is
before
nbf.
In
practice,
implementations
often
allow
a
small
clock
skew
to
account
for
drift
between
systems;
the
allowed
skew
is
configurable.
only
when
iat
<=
now
<=
exp
and
now
>=
nbf
if
those
claims
are
present.
The
Not
Before
claim
is
useful
for
delaying
token
activation,
such
as
in
scheduled
access
windows
or
pre-provisioning
scenarios.
clocks.
Misconfiguration
or
excessive
clock
skew
can
either
cause
valid
tokens
to
be
rejected
or
enable
access
outside
intended
windows.