Jwt-auth: Unable to create never-expiring token due to PayloadValidator

Created on 1 Mar 2018 · 6 Comments · Source: tymondesigns/jwt-auth

Subject of the issue

If TTL is set to null by any means (config file, setTTL on guard), the Factory will remove the exp claim from the payload as expected.
However, the exp payload is required in the PayloadValidator, so the generated payload doesn't pass validation.

Your environment

| Q | A
| ----------------- | ---
| Bug? | yes
| New Feature? | no
| Framework | Laravel
| Framework version | 5.6.5
| Package version | 1.0.0-rc.2
| PHP version | 7.1.9

Steps to reproduce

    guard()->setTTL(null)->attempt($credentials)

Expected behaviour

I would expect the PayloadValidator to still consider the payload valid in this case.

Actual behaviour

The PayloadValidator raises an error.

stale

All 6 comments

Did you disable this:

    'required_claims' => [
        'iss',
        'iat',
        // 'exp', // Enable this when using ttl
        'nbf',
        'sub',
        'jti',
    ],

in the config/jwt.php file?

@johankladder I didn't, I'm using Lumen and hadn't created the config file.
This does suggest that I should be able to load the PayloadValidator singleton and call setRequiredClaims, which should fix my issue.
Feel free to close this.

However, I still think that a TTL of null should disable the exp claim in the PayloadValidator.

You can set JWT_TTL to null + comment exp in required_claims

    JWT_TTL=null

From: https://github.com/tymondesigns/jwt-auth/issues/1107

> You can set JWT_TTL to null + comment exp in required_claims

I did this, but on creating token with custom claim it throws "Token has expired" error
vendor/tymon/jwt-auth/src/Validators/PayloadValidator.php:

    if (Utils::timestamp($payload['exp'])->isPast()) {
        throw new TokenExpiredException('Token has expired');
    }

That worked for me to set infinite time in Laravel 5.8, change in config > jwt.php

    // 'ttl' => env('JWT_TTL', 60),
    'ttl' => env('JWT_TTL', null),

and

    // 'required_claims' => [ 'iss', 'iat', 'nbf', 'sub', 'jti', 'exp', ],
    'required_claims' => [ 'iss', 'iat', 'nbf', 'sub', 'jti', ],

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
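
The interaction discussed in this thread, as an added example that is not part of the original issue and is not jwt-auth's own code: a simplified PHP model in which a null TTL drops `exp` and the validator's required-claims list decides whether the payload is accepted. `buildPayload`, `validatePayload`, `outcome` and the two exception classes are hypothetical names; the issuer, subject and timestamp are constructed.

```php
<?php
// Simplified model of the two checks discussed in this thread; not jwt-auth's own code.
class TokenInvalid extends Exception {}
class TokenExpired extends Exception {}

// Hypothetical stand-in for the Factory: a null TTL means no exp claim is emitted.
function buildPayload(?int $ttlMinutes, int $now): array
{
    $payload = ['iss' => 'https://api.example.test', 'iat' => $now, 'nbf' => $now,
                'sub' => '42', 'jti' => bin2hex(random_bytes(8))];
    if ($ttlMinutes !== null) {
        $payload['exp'] = $now + $ttlMinutes * 60;
    }
    return $payload;
}

// Hypothetical stand-in for the PayloadValidator: structure check, then expiry check.
function validatePayload(array $payload, array $requiredClaims, int $now): void
{
    $missing = array_diff($requiredClaims, array_keys($payload));
    if ($missing !== []) {
        throw new TokenInvalid('Payload lacks required claims: ' . implode(', ', $missing));
    }
    // Test expiry only when the claim exists, so exp-less payloads are not read as expired.
    if (isset($payload['exp']) && $payload['exp'] <= $now) {
        throw new TokenExpired('Token has expired');
    }
}

function outcome(array $payload, array $required, int $now): string
{
    try {
        validatePayload($payload, $required, $now);
        return 'valid';
    } catch (TokenInvalid | TokenExpired $e) {
        return get_class($e) . ': ' . $e->getMessage();
    }
}

$now = 1519862400; // constructed timestamp: 1 Mar 2018 00:00:00 UTC
$withExp = ['iss', 'iat', 'exp', 'nbf', 'sub', 'jti'];
$withoutExp = ['iss', 'iat', 'nbf', 'sub', 'jti'];

// Case 1: TTL null while exp is still listed as required (the situation reported above).
echo outcome(buildPayload(null, $now), $withExp, $now), PHP_EOL;
// Case 2: TTL null and exp removed from the required list; no expiry check runs at all.
echo outcome(buildPayload(null, $now), $withoutExp, $now), PHP_EOL;
// Case 3: TTL of 60 minutes, validated 3601 seconds after issue.
echo outcome(buildPayload(60, $now), $withoutExp, $now + 3601), PHP_EOL;
```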
