Anything beyond the pure signature verification is controlled by the service being protected. The purpose of
pre_verification callback implementation is to hand off that responsibility to the actual implementation.
The implementation in the fork is calling a convenience function
check_expiration. This function performs expiration check only when expiration time is included the request (
X-Amz-Expires). If expiration is not included in the signed request, the request doesn't expire.
You can replace that
check_expiration call with something of your own. You can even remove it and not worry about the signing timestamp/expiration.
In fact, the actual callback name is
pre_verification. What goes on in that callback is upto the implementaion.
Hope that clarifies.