Summary
Add jwt_iat and jwt_exp fields to the receipt's publisher block. This enables retrospective verification that the JWT was temporally valid at submission time.
Context
The receipt records channel identity (issuer, subject) but not the JWT's temporal bounds. If the JWT verifier has a bug or clock skew issue, there is no forensic trail to determine whether the token was valid at ingestedAt.
Acceptance Criteria
- Receipt publisher block includes
jwt_iat (issued-at) and jwt_exp (expiration) from JWT claims
- Values are timestamps from the verified JWT, not server-generated
Summary
Add
jwt_iatandjwt_expfields to the receipt's publisher block. This enables retrospective verification that the JWT was temporally valid at submission time.Context
The receipt records channel identity (issuer, subject) but not the JWT's temporal bounds. If the JWT verifier has a bug or clock skew issue, there is no forensic trail to determine whether the token was valid at
ingestedAt.Acceptance Criteria
jwt_iat(issued-at) andjwt_exp(expiration) from JWT claims