traefik-plugins / traefik-jwt-plugin

Traefik plugin which checks JWT tokens for required fields. Supports Open Policy Agent (OPA) and signature validation with JWKS

Does it check expiration date?

myagmarsurensedjav opened this issue · comments

If it does, how can I configure it? Or if it doesn't, how can I implement it? Please advise.

This plugin can only check for the presence of a claim in the token at the moment.
You can implement token expiration verification and other checks in OPA policies instead.

Using OPA is optional. I guess we can add support for 'iat' and 'exp' in the plugin as well.

@myagmarsurensedjav please check v0.1.1, I have added support for 'exp' and 'iat' checks.
You'll need to add them to 'PayloadFields', to enforce that the fields are present and valid.

@blagerweij It works great! Thank you.

Hello @blagerweij

There's a tricky bug in your implementation that we had to fix in our OPA checks a few weeks ago.
It's related to the iat claim check at https://github.com/team-carepay/traefik-jwt-plugin/blob/main/jwt.go#L372

The condition must be >=, not just >. Since those claims/times should be the number of seconds since 1970, it is very likely that just-issued JWT tokens will fail the check because their issue dates will be equal.

Also, I suggest creating a new variable with time.Now().Unix() before checking both claims, so the if condition will compare the token expiration claims to the same value of "now".
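
The two points raised in the last comment (a token whose iat equals the current second must pass, and both claims should be compared against one value of "now"), as an added Go example that is not the plugin's own code. The function and error names are hypothetical, and the claims are assumed to have been decoded by encoding/json into a map, where JSON numbers arrive as float64.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Hypothetical error values for this added example (not from the plugin).
var (
	ErrMissing        = errors.New("claim missing or not numeric")
	ErrExpired        = errors.New("token expired")
	ErrIssuedInFuture = errors.New("token issued in the future")
)

// numericDate reads a NumericDate claim (seconds since 1970) from the map.
func numericDate(claims map[string]interface{}, name string) (int64, error) {
	v, ok := claims[name].(float64)
	if !ok {
		return 0, fmt.Errorf("%s: %w", name, ErrMissing)
	}
	return int64(v), nil
}

// CheckTimeClaims validates exp and iat against one caller-supplied "now",
// so both comparisons see the same instant.
func CheckTimeClaims(claims map[string]interface{}, now int64) error {
	exp, err := numericDate(claims, "exp")
	if err != nil {
		return err
	}
	iat, err := numericDate(claims, "iat")
	if err != nil {
		return err
	}
	if now >= exp { // RFC 7519: the current time must be before exp
		return ErrExpired
	}
	if iat > now { // iat == now is a token issued this second: accept it
		return ErrIssuedInFuture
	}
	return nil
}

func main() {
	now := time.Now().Unix() // read the clock once, reuse it for both checks
	// Constructed sample claims: issued this second, valid for five minutes.
	fresh := map[string]interface{}{"iat": float64(now), "exp": float64(now + 300)}
	fmt.Println("fresh token error:", CheckTimeClaims(fresh, now))
}
```

Passing `now` as a parameter also makes the boundary second testable without depending on the wall clock.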