pyjwkest icon indicating copy to clipboard operation
pyjwkest copied to clipboard

Published 20 hours ago verified publisher icon IdentityPython

No examples on how to set expiry of token

Open neogeno opened this issue 6 years ago • 4 comments

If I set a standard claim "exp" in my JWE token with expiry date in the past it doesn't seem to make any difference. Other libraries will throw an error saying the token has expired? What is the correct usage in this library to specify token expiry?

neogeno avatar Sep 17 '19 07:09 neogeno

I'm not sure I get the question. Creating a JWE token with an "exp" claim that is in the past is possible to do. The "exp" claim is only verified when the payload is verified. So it's not part of verifying a signature or doing a decryption.

rohe avatar Sep 17 '19 08:09 rohe

I mean when I decrypt the token and verify the signature of such a JWE there is no error saying the token has expired. I am still able to view the payload as normal. So do you mean I have to manually check the value of the exp claim to see if the token has expired or not? Pyjwt for example will raise an error when decoding/verifying such tokens if the JWT is expired .

neogeno avatar Sep 17 '19 19:09 neogeno

@neogeno Were you able to set exp in JWE or you implemented the expiration of token manually?

aksh-gupta avatar Nov 20 '20 06:11 aksh-gupta

Had to write a seperate check

neogeno avatar Nov 20 '20 07:11 neogeno