Question about token expiry

Hey everyone,

I note that the JWT returns an exp key in its payload, which denotes when the token expires.

My question is, do I have to implement this myself (i.e. grab this value, check it’s in the future, etc.) or does token validation fail automatically if it’s expired?

I’m currently validating the JWT via express-oauth2-jwt-bearer, like so:

const { auth } = require('express-oauth2-jwt-bearer');
auth({
	audience: process.env.AUTH0_API_AUDIENCE,
	issuerBaseURL: process.env.AUTH0_API_DOMAIN
});

Will this fail if the token has expired, or does it merely check the signing?

Thank you.

Hey @kkrp1 !

Token validation should fail if the token is expired according to its exp claim.

Cheers!