Auth0 Home Blog Docs

Id token expires_in different from JWT exp


#1

I am using Auth0-js in an Angular 6 application.
I used the example implementation as a foundation for my own implementation.
However, I’m finding that my application thinks the user is logged in because the expires_in is valid, but when the application passes the JWT to the server, the server indicates the JWT is expired.
So, in my case, the expires_in returned by parseHash() is not matching the JWT’s exp.
Anyone have any idea why this would be the case?


#3

Hi Sean.
If you inspect the HTTP traffic with the browser developer tools, you should be able to see Auth0’s response after the authentication, with a 302 that points to something like this:

Location: https://yourapp.com/callback#token=[...]&expires_in=[...]&id_token=[...]&...

Take the token (which is the Access Token) and decode it in https://jwt.io. The exp claim has a unix time with the expiration date. Compare that with the current time plus the number of seconds in expires_in. Do they match?


#4

Hey there @Sean_McIlvenna!

Have you been able to try out Nico’s suggestion?