Id_token expiration check

Please include the following information in your post:

  • Which SDK this is regarding: express-openid-connect
  • SDK Version: e.g. 2.5.2
  • Platform Version: e.g. Node 14.18.1

I have a pretty simple node app protected by Okta which basically uses the default options to auth(). After logging in, when making a request to a route protected with requiresAuth it appears as though the default implementation merely calls isAuthenticated which only checks for the existence of an id_token.

Dumb question, shouldn’t it also check if the token is expired? Or is this something that I’m expected to do myself?