Question about token expiry

Hey everyone,

I note that the JWT returns an exp key in its payload, which denotes when the token expires.

My question is, do I have to implement this myself (i.e. grab this value, check it’s in the future, etc.) or does token validation fail automatically if it’s expired?

I’m currently validating the JWT via express-oauth2-jwt-bearer, like so:

const { auth } = require('express-oauth2-jwt-bearer');
auth({
	audience: process.env.AUTH0_API_AUDIENCE,
	issuerBaseURL: process.env.AUTH0_API_DOMAIN
});

Will this fail if the token has expired, or does it merely check the signing?

Thank you.

Hey @kkrp1 !

Token validation should fail if the token is expired according to its exp claim.

Cheers!

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.