Question about token expiry

kkrp1 · May 16, 2023, 11:06am

Hey everyone,

I note that the JWT returns an exp key in its payload, which denotes when the token expires.

My question is, do I have to implement this myself (i.e. grab this value, check it’s in the future, etc.) or does token validation fail automatically if it’s expired?

I’m currently validating the JWT via express-oauth2-jwt-bearer, like so:

const { auth } = require('express-oauth2-jwt-bearer');
auth({
	audience: process.env.AUTH0_API_AUDIENCE,
	issuerBaseURL: process.env.AUTH0_API_DOMAIN
});

Will this fail if the token has expired, or does it merely check the signing?

Thank you.

tyf · May 26, 2023, 11:21pm

Hey @kkrp1 !

Token validation should fail if the token is expired according to its exp claim.

Cheers!

system · June 9, 2023, 11:22pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
JWT token with invalid 'exp' time does not give exception. Help java , jwt-validation , expiration , jjwt	3	5612	March 2, 2018
Expiration time not being checked if exp field does not exist Help sessions	1	663	January 2, 2024
JWT authenticate was once working on my NodeJS api, now returning a 401 error JWT.io	12	8867	August 27, 2019
Expires_in value is always 86400 SOLVED Help jwt , auth0 , expiration	3	15512	February 9, 2020
Checking token validity/expiry Help id_token , access-token	8	30323	August 16, 2019

Question about token expiry

Related Topics