Entering a string value for clockTolerance causes expired tokens to be accepted #606

Open
@mathiasose

See this example: https://runkit.com/mathiasose/5d011f8474348c001fe376a5

I got things a bit mixed up and entered a string value for clockTolerance, and found it causes verify() to accept expired tokens.

I did eventually realize that the docs say to put "number of seconds" for clockTolerance, i.e. an integer value, but only after being confused for a while. Seems easy to get it wrong when maxAge does accept strings.

To prevent anyone from getting confused like me in the future, someone should probably make a change to either accept strings like maxAge does, or raise an error if non-integer values are entered for clockTolerance.
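The sketch below is an added illustration, not code from the issue or from the jsonwebtoken project. It assumes the expiry check adds the tolerance to `exp` with `+`, which is one way a string value would produce the reported behaviour; the function names and timestamps are constructed for the example.

```javascript
// Simplified model of an expiry check (assumed shape, not the library's code).
function isExpiredNaive(exp, now, clockTolerance) {
  // With a string tolerance, `+` concatenates: 1560000000 + "10" is the
  // string "156000000010". The `>=` comparison then coerces that string
  // back to a number thousands of years in the future.
  return now >= exp + (clockTolerance || 0);
}

// Hardened variant: accept only a non-negative integer number of seconds.
function assertClockTolerance(value) {
  if (value === undefined) return 0;
  if (typeof value !== 'number' || !Number.isInteger(value) || value < 0) {
    throw new TypeError(
      'clockTolerance must be a non-negative integer number of seconds'
    );
  }
  return value;
}

function isExpiredStrict(exp, now, clockTolerance) {
  return now >= exp + assertClockTolerance(clockTolerance);
}

// Hypothetical helper: validate options before handing them to verify().
function checkedVerifyOptions(options = {}) {
  return {
    ...options,
    clockTolerance: assertClockTolerance(options.clockTolerance),
  };
}

// Constructed sample values: a token that expired one hour ago.
const EXP = 1560000000;
const NOW = EXP + 3600;

function demo() {
  const results = {
    numericTolerance: isExpiredNaive(EXP, NOW, 10),  // rejected as expired
    stringTolerance: isExpiredNaive(EXP, NOW, '10'), // treated as still valid
  };
  try {
    isExpiredStrict(EXP, NOW, '10');
    results.strict = 'accepted';
  } catch (err) {
    results.strict = err.name; // the bad option is refused up front
  }
  return results;
}

console.log(demo());
```

Calling a helper like `checkedVerifyOptions` on the options object before `verify()` turns the silent acceptance into an immediate `TypeError`.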
