Allow to skip "issued at" validation

lib/src/main/java/com/auth0/jwt/JWTVerifier.java

@@ -43,6 +43,7 @@ public static class BaseVerification implements Verification {
         private final Algorithm algorithm;
         private final Map<String, Object> claims;
         private long defaultLeeway;
+        private boolean ignoreIssuedAt;
 
         BaseVerification(Algorithm algorithm) throws IllegalArgumentException {
             if (algorithm == null) {
@@ -150,6 +151,14 @@ public Verification acceptIssuedAt(long leeway) throws IllegalArgumentException
             return this;
         }
 
+        /**
+         * Call this method to skip the default issued_at verification
+         */
+        public Verification ignoreIssuedAt() {
+            this.ignoreIssuedAt = true;
+            return this;
+        }
+
         /**
          * Require a specific JWT Id ("jti") claim.
          *
@@ -316,17 +325,20 @@ private void assertNonNull(String name) {
             }
         }
 
-        private void addLeewayToDateClaims() {
-            if (!claims.containsKey(PublicClaims.EXPIRES_AT)) {
-                claims.put(PublicClaims.EXPIRES_AT, defaultLeeway);
-            }
-            if (!claims.containsKey(PublicClaims.NOT_BEFORE)) {
-                claims.put(PublicClaims.NOT_BEFORE, defaultLeeway);
-            }
-            if (!claims.containsKey(PublicClaims.ISSUED_AT)) {
-                claims.put(PublicClaims.ISSUED_AT, defaultLeeway);
-            }
-        }
+		private void addLeewayToDateClaims() {
+			if (!claims.containsKey(PublicClaims.EXPIRES_AT)) {
+				claims.put(PublicClaims.EXPIRES_AT, defaultLeeway);
+			}
+			if (!claims.containsKey(PublicClaims.NOT_BEFORE)) {
+				claims.put(PublicClaims.NOT_BEFORE, defaultLeeway);
+			}
+			if (!claims.containsKey(PublicClaims.ISSUED_AT)) {
+				claims.put(PublicClaims.ISSUED_AT, defaultLeeway);
+			}
+			if(ignoreIssuedAt) {
+				claims.remove(PublicClaims.ISSUED_AT);
+			}
+		}
 
         private void requireClaim(String name, Object value) {
             if (value == null) {

lib/src/main/java/com/auth0/jwt/interfaces/Verification.java

@@ -37,5 +37,7 @@ public interface Verification {
 
     Verification withArrayClaim(String name, Integer... items) throws IllegalArgumentException;
 
+    Verification ignoreIssuedAt();
+
     JWTVerifier build();
 }

lib/src/test/java/com/auth0/jwt/JWTVerifierTest.java

@@ -478,19 +478,30 @@ public void shouldThrowOnNegativeNotBeforeLeeway() throws Exception {
                 .acceptNotBefore(-1);
     }
 
-    // Issued At
+// Issued At with future date
+    @Test (expected = InvalidClaimException.class)
+    public void shouldThrowOnFutureIssuedAt() throws Exception {
+        Clock clock = mock(Clock.class);
+        when(clock.getToday()).thenReturn(new Date(DATE_TOKEN_MS_VALUE - 1000));
+
+        String token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE0Nzc1OTJ9.CWq-6pUXl1bFg81vqOUZbZrheO2kUBd2Xr3FUZmvudE";
+        JWTVerifier.BaseVerification verification = (JWTVerifier.BaseVerification) JWTVerifier.init(Algorithm.HMAC256("secret"));
+
+        DecodedJWT jwt = verification.build(clock).verify(token);
+        assertThat(jwt, is(notNullValue()));
+    }
+
+    // Issued At with future date and ignore flag
     @Test
-    public void shouldValidateIssuedAtWithLeeway() throws Exception {
+    public void shouldSkipIssuedAtVerificationWhenFlagIsPassed() throws Exception {
         Clock clock = mock(Clock.class);
         when(clock.getToday()).thenReturn(new Date(DATE_TOKEN_MS_VALUE - 1000));
 
-        String token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE0Nzc1OTJ9.0WJky9eLN7kuxLyZlmbcXRL3Wy8hLoNCEk5CCl2M4lo";
-        JWTVerifier.BaseVerification verification = (JWTVerifier.BaseVerification) JWTVerifier.init(Algorithm.HMAC256("secret"))
-                .acceptIssuedAt(2);
-        DecodedJWT jwt = verification
-                .build(clock)
-                .verify(token);
+        String token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE0Nzc1OTJ9.CWq-6pUXl1bFg81vqOUZbZrheO2kUBd2Xr3FUZmvudE";
+        JWTVerifier.BaseVerification verification = (JWTVerifier.BaseVerification) JWTVerifier.init(Algorithm.HMAC256("secret"));
+        verification.ignoreIssuedAt();
 
+        DecodedJWT jwt = verification.build(clock).verify(token);
         assertThat(jwt, is(notNullValue()));
     }
 
@@ -508,6 +519,20 @@ public void shouldThrowOnInvalidIssuedAtIfPresent() throws Exception {
                 .verify(token);
     }
 
+    @Test
+    public void shouldOverrideAcceptIssuedAtWhenIgnoreIssuedAtFlagPassedAndSkipTheVerification() throws Exception {
+        Clock clock = mock(Clock.class);
+        when(clock.getToday()).thenReturn(new Date(DATE_TOKEN_MS_VALUE - 1000));
+
+        String token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE0Nzc1OTJ9.0WJky9eLN7kuxLyZlmbcXRL3Wy8hLoNCEk5CCl2M4lo";
+        JWTVerifier.BaseVerification verification = (JWTVerifier.BaseVerification) JWTVerifier.init(Algorithm.HMAC256("secret"));
+        DecodedJWT jwt = verification.acceptIssuedAt(20).ignoreIssuedAt()
+                .build()
+                .verify(token);
+
+        assertThat(jwt, is(notNullValue()));
+    }
+
     @Test
     public void shouldValidateIssuedAtIfPresent() throws Exception {
         Clock clock = mock(Clock.class);