Id token expires_in different from JWT exp

I am using Auth0-js in an Angular 6 application.
I used the example implementation as a foundation for my own implementation.
However, I’m finding that my application thinks the user is logged in because the expires_in is valid, but when the application passes the JWT to the server, the server indicates the JWT is expired.
So, in my case, the expires_in returned by parseHash() is not matching the JWT’s exp.
Anyone have any idea why this would be the case?

Hi Sean.
If you inspect the HTTP traffic with the browser developer tools, you should be able to see Auth0’s response after the authentication, with a 302 that points to something like this:


Take the token (which is the Access Token) and decode it in The exp claim has a unix time with the expiration date. Compare that with the current time plus the number of seconds in expires_in. Do they match?

1 Like

Hey there @Sean_McIlvenna!

Have you been able to try out Nico’s suggestion? Let us know if you require further assistance

I experience the same issue:
expire_at: 1545309531492

exp: 1545305930

There is exactly one hour between them (if we do not consider the millisecs)

The expire_at value reflects the setting in manage.auth0 (Token Expiration For Browser Flows (Seconds)) it is 2hours after login.

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?