Here is my question on SO: SO QUESTION
I am trying to verify my JWT token with this library.
The library does under the hood the following:
import jwt from 'jsonwebtoken';
jwt.verify(
idToken, /** The idToken validates only if not expired */
_getIdTokenApplePublicKey, /** Gets the Apple Public Key corresponding to the JSON's header */
{
algorithms: 'RS256',
issuer: ENDPOINT_URL,
...options, /** audience: config.CLIENT_ID_APPLE, ignoreExpiration: true, // ignore token expiry (never expires) */
},
After further research I see that this error only occurs when the token is expired.
JsonWebTokenError: error in secret or public key callback: input error: Invalid id token public key id at /app/node_modules/jsonwebtoken/verify.js:96:19 at _getIdTokenApplePublicKey (/app/node_modules/apple-signin-auth/lib/index.js:1:5730) at runMicrotasks () at processTicksAndRejections (internal/process/task_queues.js:95:5)
But I am setting in the options object the flag ignoreExpiration to true. According to this Documentation. Why is it throwing the error or how can I ignore the expiration successfully? Maybe I need to add maxAge to the options?
Thanks for the help!