Name: http_jwt_max_age
Type: DURATION
Default-Value: 0s
Last-Modified: 3.6.0

Defines the timespan in which a JSON Web Token is valid (see
*http_jwt_key*).  The value must be zero or positive.

If non-zero, the timespan starts at the point in time specified in the
"iat" claim of the JWS Payload and ends after the duration of this option
value has passed. Tokens without an "iat" claim, or with an issue date in
the future, are rejected. There is no leeway for clock skew. Starting from
Cyrus version 3.8, the "iat" claim only is validated if no "exp" claim is
present.

The zero value disables validation of the "iat" JWS claim.

Starting from Cyrus 3.8, the "nbf" and "exp" claims always are validated.
