Question about token expiry

kkrp1 · May 16, 2023, 11:06am

Hey everyone,

I note that the JWT returns an exp key in its payload, which denotes when the token expires.

My question is, do I have to implement this myself (i.e. grab this value, check it’s in the future, etc.) or does token validation fail automatically if it’s expired?

I’m currently validating the JWT via express-oauth2-jwt-bearer, like so:

const { auth } = require('express-oauth2-jwt-bearer');
auth({
	audience: process.env.AUTH0_API_AUDIENCE,
	issuerBaseURL: process.env.AUTH0_API_DOMAIN
});

Will this fail if the token has expired, or does it merely check the signing?

Thank you.

tyf · May 26, 2023, 11:21pm

Hey @kkrp1 !

Token validation should fail if the token is expired according to its exp claim.

Cheers!

system · June 9, 2023, 11:22pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
JWT token with invalid 'exp' time does not give exception. Help java , jwt-validation , expiration , jjwt	3	5622	March 2, 2018
Expiration time not being checked if exp field does not exist Help sessions	1	675	January 2, 2024
Id_token expiration check Help jwt , id_token , expiration	3	4525	April 22, 2022
Id token expires_in different from JWT exp Help	6	5945	September 3, 2019
JWT authenticate was once working on my NodeJS api, now returning a 401 error JWT.io	12	8879	August 27, 2019

Question about token expiry

Related topics