Hey everyone,
I note that the JWT returns an exp
key in its payload, which denotes when the token expires.
My question is, do I have to implement this myself (i.e. grab this value, check it’s in the future, etc.) or does token validation fail automatically if it’s expired?
I’m currently validating the JWT via express-oauth2-jwt-bearer
, like so:
const { auth } = require('express-oauth2-jwt-bearer');
auth({
audience: process.env.AUTH0_API_AUDIENCE,
issuerBaseURL: process.env.AUTH0_API_DOMAIN
});
Will this fail if the token has expired, or does it merely check the signing?
Thank you.