From be150bb702db5d51e353b0bc33d40ec8da0993dd Mon Sep 17 00:00:00 2001
From: Carl Alexander Adams <carlalex@overlords.com>
Date: Thu, 3 Apr 2025 09:53:00 -0700
Subject: [PATCH 1/4] redact API keys from TTY output

---
 src/planet_auth_utils/commands/cli/jwt_cmd.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/planet_auth_utils/commands/cli/jwt_cmd.py b/src/planet_auth_utils/commands/cli/jwt_cmd.py
index 28141ec..5fdf911 100644
--- a/src/planet_auth_utils/commands/cli/jwt_cmd.py
+++ b/src/planet_auth_utils/commands/cli/jwt_cmd.py
@@ -57,6 +57,8 @@ def _human_timestamp_iso(d):
                     if (key == "exp") and (d[key] < time.time()):
                         fmt_time += " (Expired)"
                     d[key] = fmt_time
+                elif key in ["api_key"]:
+                    d[key] = "REDACTED"
                 elif isinstance(value, dict):
                     _human_timestamp_iso(value)
             return d

From 60b2b02b81e7236168c823b7ce2c1dcb3b4f7a2c Mon Sep 17 00:00:00 2001
From: Carl Alexander Adams <carlalex@overlords.com>
Date: Fri, 4 Apr 2025 17:51:34 -0700
Subject: [PATCH 2/4] cleanup

---
 src/planet_auth_utils/commands/cli/jwt_cmd.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/planet_auth_utils/commands/cli/jwt_cmd.py b/src/planet_auth_utils/commands/cli/jwt_cmd.py
index 5fdf911..61347ac 100644
--- a/src/planet_auth_utils/commands/cli/jwt_cmd.py
+++ b/src/planet_auth_utils/commands/cli/jwt_cmd.py
@@ -50,21 +50,23 @@ def __init__(self, data):
         self._data = data
 
     def __json_pretty_dumps__(self):
-        def _human_timestamp_iso(d):
+        def _human_readable_jwt_claim(d):
             for key, value in list(d.items()):
                 if key in ["iat", "exp", "nbf"] and isinstance(value, int):
+                    # UNIX Time stamps in ISO format
                     fmt_time = time.strftime("%Y-%m-%dT%H:%M:%S%z", time.localtime(value))
                     if (key == "exp") and (d[key] < time.time()):
                         fmt_time += " (Expired)"
                     d[key] = fmt_time
                 elif key in ["api_key"]:
+                    # Redact sensitive values
                     d[key] = "REDACTED"
                 elif isinstance(value, dict):
-                    _human_timestamp_iso(value)
+                    _human_readable_jwt_claim(value)
             return d
 
         json_dumps = self._data.copy()
-        _human_timestamp_iso(json_dumps)
+        _human_readable_jwt_claim(json_dumps)
         return json_dumps
 
 

From a9a0c3df641e1a18d2682d4709452ec070b5a2cb Mon Sep 17 00:00:00 2001
From: Carl Alexander Adams <carlalex@overlords.com>
Date: Fri, 4 Apr 2025 17:52:23 -0700
Subject: [PATCH 3/4] cleanup

---
 src/planet_auth_utils/commands/cli/jwt_cmd.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/planet_auth_utils/commands/cli/jwt_cmd.py b/src/planet_auth_utils/commands/cli/jwt_cmd.py
index 61347ac..c551f27 100644
--- a/src/planet_auth_utils/commands/cli/jwt_cmd.py
+++ b/src/planet_auth_utils/commands/cli/jwt_cmd.py
@@ -53,7 +53,7 @@ def __json_pretty_dumps__(self):
         def _human_readable_jwt_claim(d):
             for key, value in list(d.items()):
                 if key in ["iat", "exp", "nbf"] and isinstance(value, int):
-                    # UNIX Time stamps in ISO format
+                    # UNIX Time stamps in ISO format, with annotations.
                     fmt_time = time.strftime("%Y-%m-%dT%H:%M:%S%z", time.localtime(value))
                     if (key == "exp") and (d[key] < time.time()):
                         fmt_time += " (Expired)"

From 0e60d09c7b34b44981757a29db9222cf3a33ac59 Mon Sep 17 00:00:00 2001
From: Carl Alexander Adams <carlalex@overlords.com>
Date: Fri, 4 Apr 2025 17:55:29 -0700
Subject: [PATCH 4/4] add future annotation for 'nbf' claim

---
 src/planet_auth_utils/commands/cli/jwt_cmd.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/planet_auth_utils/commands/cli/jwt_cmd.py b/src/planet_auth_utils/commands/cli/jwt_cmd.py
index c551f27..ed027d5 100644
--- a/src/planet_auth_utils/commands/cli/jwt_cmd.py
+++ b/src/planet_auth_utils/commands/cli/jwt_cmd.py
@@ -53,10 +53,13 @@ def __json_pretty_dumps__(self):
         def _human_readable_jwt_claim(d):
             for key, value in list(d.items()):
                 if key in ["iat", "exp", "nbf"] and isinstance(value, int):
-                    # UNIX Time stamps in ISO format, with annotations.
+                    # UNIX Timestamps in ISO format, with annotations.
                     fmt_time = time.strftime("%Y-%m-%dT%H:%M:%S%z", time.localtime(value))
-                    if (key == "exp") and (d[key] < time.time()):
+                    now = time.time()
+                    if (key == "exp") and (d[key] < now):
                         fmt_time += " (Expired)"
+                    if (key == "nbf") and (d[key] > now):
+                        fmt_time += " (Future)"
                     d[key] = fmt_time
                 elif key in ["api_key"]:
                     # Redact sensitive values