JWT token with invalid 'exp' time does not give exception.

java
jwt-validation
expiration
jjwt

#1

Here is my JWT token. This token has expired, and it gives me the appropriate exception when I verify it on my local machine, but it validates successfully when the same token is validated on the server.
Am I missing something that I need to implement on the Server side?

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJFbWFpbCI6ImJodXNoYW4ucGVuZGhhcmthckBjaXRyaXguY29tIiwiVXNlck5hbWUiOiJiaHVzaGFuLnBlbmRoYXJrYXJAY2l0cml4LmNvbSIsIklkIjoiNzdhNmYzZDEtOGU5Yi00YTE5LThhYTAtZTgwYzUwOTYxZDYxIiwiRnVsbE5hbWUiOiJCaHVzaGFuIFBlbmRoYXJrYXIiLCJuYmYiOjE0OTY5MzgxNTEsImV4cCI6MTQ5NjkzODIxMSwiaWF0IjoxNDk2OTM4MTUxfQ.kyWSmcWy1HNv8UwVjC4ZzuopDRCWYzTInvz6kKjhUDY

Here is my code:

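    import io.jsonwebtoken.Claims;
    import io.jsonwebtoken.Jwts;

    String lstrJWTSymmetricKey = "Some key";

    // Verify the signature with the shared key and return the claims
    Claims claims = Jwts.parser()
            .setSigningKey(lstrJWTSymmetricKey.getBytes("utf-8"))
            .parseClaimsJws(jwtToken)
            .getBody();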

#2

If you use the exact same code on the server and on your machine, and it only fails due to expiration on your local machine, then a likely cause is that the server machine has incorrect time settings.

If you don’t use the same exact code then you need to do a test with the same logic/library/version in order to prove if the above is a valid theory.

In addition, you seem to be using this library so you may also either post an issue on the repository or review if there is already anything related to this reported. You can also find other Java libraries in the Libraries section of jwt.io.


#3

Thanks @jmangelo,
It seems that I used an older JJWT release (jjwt-0.2.jar) on my server and a newer one on my local machine (jjwt-0.7.0.jar). The old one did not provide ‘exp’, ‘iat’ & ‘nbf’ validations.
[SOLVED]
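
An explicit time-claim check that can run on the claims after signature verification, so acceptance no longer depends on whether the JWT library version in use validates 'exp' and 'nbf'. This is an added example, not part of the thread and not JJWT code: `TimeClaimCheck`, `numericDate`, `enforce`, the 30-second skew and the policy of requiring 'exp' are assumptions, and the sample claims are constructed from the time values carried in the token in post #1.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical helper for illustration; uses only the JDK.
public class TimeClaimCheck {

    // Reads a NumericDate claim (seconds since the epoch); null if absent.
    static Instant numericDate(Map<String, Object> claims, String name) {
        Object v = claims.get(name);
        if (v == null) return null;
        if (!(v instanceof Number)) {
            throw new IllegalArgumentException(name + " is not a NumericDate");
        }
        return Instant.ofEpochSecond(((Number) v).longValue());
    }

    // Rejects tokens that are expired, not yet valid, or missing 'exp'.
    static void enforce(Map<String, Object> claims, Instant now, Duration skew) {
        Instant exp = numericDate(claims, "exp");
        Instant nbf = numericDate(claims, "nbf");
        if (exp == null) {
            throw new SecurityException("token has no exp claim");
        }
        // RFC 7519: the current time must be before 'exp' (skew allowed).
        if (!now.minus(skew).isBefore(exp)) {
            throw new SecurityException("token expired at " + exp);
        }
        if (nbf != null && now.plus(skew).isBefore(nbf)) {
            throw new SecurityException("token not valid before " + nbf);
        }
    }

    public static void main(String[] args) {
        // Constructed sample claims: a 60-second validity window.
        Map<String, Object> claims = new LinkedHashMap<>();
        claims.put("nbf", 1496938151);
        claims.put("exp", 1496938211);
        Duration skew = Duration.ofSeconds(30);
        // A time inside the window passes without an exception.
        enforce(claims, Instant.ofEpochSecond(1496938180), skew);
        try {
            enforce(claims, Instant.now(), skew); // long past 'exp'
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```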

