JSON Web Token and the year 2038 bug

JSON Web Token is a fairly recent standard (May 2015) and yet they decided to go for UNIX timestamps in order to represent dates.

Doesn't this expose the standard to a potential Year 2038 problem in the various implementations? Instead, going for something like the ISO8601 seems more future proof.

Why choosing one above the other?

1 answer

  • answered 2018-03-11 16:47 odino

    Unix timestamps are not that bad -- they definitely help you simplifying a bunch of calculations as opposed to parsing a date.

    In most cases, date claims in JWTs are supposed to be compared to NOW() (think of the exp claim) so it makes sense to use timestamps there.

    I wouldn't worry about the Y2038 bug since a 32-bit system will have bigger problems than issuing JWTs.