use json.Number for claims check

if parser.UseJSONNumber is true then the Claims[“exp”] and
Claims[“nbf”] can be full int64 range, not limited to float64

vnbf and vexp are just flags for whether or not the values were
obtained through either method and should be checked

parser.go

@@ -87,17 +87,38 @@ func (p *Parser) Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
 	// Check expiration times
 	vErr := &ValidationError{}
 	now := TimeFunc().Unix()
-	if exp, ok := token.Claims["exp"].(float64); ok {
+	var exp, nbf int64
-		if now > int64(exp) {
+	var vexp, vnbf bool
-			vErr.err = "token is expired"
+
-			vErr.Errors |= ValidationErrorExpired
+	if p.UseJSONNumber {
+		if num, ok := token.Claims["exp"].(json.Number); ok {
+			if exp, err = num.Int64(); err == nil {
+				vexp = true
+			}
+		}
+		if num, ok := token.Claims["nbf"].(json.Number); ok {
+			if nbf, err = num.Int64(); err == nil {
+				vnbf = true
+			}
+		}
+	} else {
+		var ok bool
+		if exp, ok = token.Claims["exp"].(int64); ok {
+			vexp = true
+		}
+		if nbf, ok = token.Claims["nbf"].(int64); ok {
+			vnbf = true
 		}
 	}
-	if nbf, ok := token.Claims["nbf"].(float64); ok {
+
-		if now < int64(nbf) {
+	if vexp && now > exp {
-			vErr.err = "token is not valid yet"
+		vErr.err = "token is expired"
-			vErr.Errors |= ValidationErrorNotValidYet
+		vErr.Errors |= ValidationErrorExpired
-		}
+	}
+
+	if vnbf && now < nbf {
+		vErr.err = "token is not valid yet"
+		vErr.Errors |= ValidationErrorNotValidYet
 	}
 
 	// Perform validation