Question about token expiry

kkrp1 · May 16, 2023, 11:06am

Hey everyone,

I note that the JWT returns an exp key in its payload, which denotes when the token expires.

My question is, do I have to implement this myself (i.e. grab this value, check it’s in the future, etc.) or does token validation fail automatically if it’s expired?

I’m currently validating the JWT via express-oauth2-jwt-bearer, like so:

const { auth } = require('express-oauth2-jwt-bearer');
auth({
	audience: process.env.AUTH0_API_AUDIENCE,
	issuerBaseURL: process.env.AUTH0_API_DOMAIN
});

Will this fail if the token has expired, or does it merely check the signing?

Thank you.

tyf · May 26, 2023, 11:21pm

Hey @kkrp1 !

Token validation should fail if the token is expired according to its exp claim.

Cheers!

system · June 9, 2023, 11:22pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.