
When verifying a token, why are claims skipped if they don't exist on the token, despite the token_config claim including a validate func? #440

@seanpascoe

Description


Scenario:
Using `default_claims()` to create a `token_config`, the `exp` claim has a validate function that looks like this: `&(&1 > current_time())`.
Why is it that if a token is created without an `exp`, it can be successfully verified by the above `token_config`? In other words, why does a joken claim that has a validate func of some sort successfully pass when the given claim does not exist on the token? It seems like if there is any validate func it should automatically fail if the claim doesn't exist on the token. From a security perspective, I don't think we should have to use the required claims hook to enable this functionality. Am I missing something?
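An added example, not code from this issue or from the Joken project, that reproduces the scenario above (a token with no `exp` passes a config whose `exp` claim carries a validate function) and shows the required-claims hook as the way to make `exp` mandatory. It assumes Joken 2.x, in particular `Joken.verify_and_validate/5` taking a hooks list; the signer secret is a constructed placeholder.

```elixir
defmodule MissingExpDemo do
  # Constructed HS256 signer for illustration only; never ship a literal secret.
  @signer Joken.Signer.create("HS256", "demo-secret-for-illustration-only")

  # The same config the issue describes: exp has a validate function, but
  # Joken only runs a claim's validate function when that claim is present.
  def config, do: Joken.Config.default_claims()

  # Lenient verification: a token that carries no exp at all still validates,
  # because there is nothing for the exp validate function to check.
  def verify_lenient(token), do: Joken.verify_and_validate(config(), token, @signer)

  # Strict verification: Joken.Hooks.RequiredClaims runs before claim validation
  # and fails the whole verification when any listed claim is absent.
  def verify_strict(token) do
    hooks = [{Joken.Hooks.RequiredClaims, [:exp]}]
    Joken.verify_and_validate(config(), token, @signer, %{}, hooks)
  end

  # Constructed token with no exp claim: signed against an empty token_config so
  # that no default claims (exp, iat, nbf, ...) are generated into it.
  def token_without_exp do
    {:ok, token, _claims} = Joken.generate_and_sign(%{}, %{"sub" => "alice"}, @signer)
    token
  end

  def run do
    token = token_without_exp()
    IO.inspect(verify_lenient(token), label: "lenient (exp missing, still passes)")
    IO.inspect(verify_strict(token), label: "strict (RequiredClaims rejects)")
  end
end
```

Putting the hook in the module that uses `Joken.Config` (`add_hook(Joken.Hooks.RequiredClaims, [:exp])`) applies the same check to every verification done through that module.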
