➜ backend git:(user-auth) ✗ node
> var j= require('jsonwebtoken');
undefined
> j.sign('test', 'test', {expiresInMinutes:1});
invalid "expiresInMinutes" option for string payload
jsonwebtoken: expiresInMinutes and expiresInSeconds is deprecated. ()
Use "expiresIn" expressed in seconds.
'eyJhbGciOiJIUzI1NiJ9.dGVzdA.2WmFS_EAdYFCBOFM9pVPo9g4bpuI2I9U_JGTCfrx7Tk'
> j.sign('test', 'test', {expiresIn:60});
invalid "expiresIn" option for string payload
Error: "expiresIn" should be a number of seconds or string representing a timespan eg: "1d", "20h", 60
at Object.JWT.sign (/Users/joehenry/meals/backend/node_modules/jsonwebtoken/index.js:109:13)
at repl:1:3
at REPLServer.defaultEval (repl.js:252:27)
at bound (domain.js:287:14)
at REPLServer.runBound [as eval] (domain.js:300:12)
at REPLServer.<anonymous> (repl.js:417:12)
at emitOne (events.js:82:20)
at REPLServer.emit (events.js:169:7)
at REPLServer.Interface._onLine (readline.js:210:10)
at REPLServer.Interface._line (readline.js:549:8)
>
Am I doing something wrong?
expiresInMinutes was deprecated, you should use expiresIn: '5m' for instance.
Where did you saw that so we can update?
I was getting a deprecation for expiresInMinutes so changed to expireIn, and am still getting similar.
var token = jwt.sign(escaped, config.secret, { expiresIn: '5h' });
and
var token = jwt.sign(escaped, config.secret, { expiresIn: 60*60*5 });
both resulted in the error
invalid "expiresIn" option for string payload
Error: "expiresIn" should be a number of seconds or string representing a timespan eg: "1d", "20h", 60
It looks like the issue is exactly what the warning is. You can't put an expiration on a string payload. It throws a warning about it then continues to fall through and attempt to set payload.exp (but payload is a string), then sees that payload.exp is undefined so assumed you passed something poorly instead of ignoring the invalid option.
yes, I am planning to fail that explicitly instead of warning on the next major version
@rjVapes, ah, I see. If I pass in an object it works. Only for strings does the exp not work. Thanks for pointing that out.
So instead of using this in my code:
return done(err, status, jwt.sign(JSON.stringify(jsonToken), config.secret, {expiresIn: '10h'}));
I instead have to use this?
return done(err, status, jwt.sign(jsonToken, config.secret, {expiresIn: '10h'}));
Is that what we're looking at here? This has been driving me crazy because no matter what I did with the expires time, it failed. And it didn't fail on all environments where the application was running.
@michaeloryl yes, if you use an string payload expiresIn is ignored. You should use an object instead.
Thanks @michaeloryl I think the error message should be more explicit... I lost a couple of hours here also
@jfromaniello jfromaniello
Just out of curiosity... why is expiresIn ignored when I pass a string instead of an object? What's the reason for such an implementation?
@kamilbrzezinski JWT is JSON Web Token, the exp field is an standard claim and is part of the json.
an string is a valid json:
> JSON.stringify("foo")
'"foo"'
> JSON.parse(JSON.stringify("foo")) === 'foo'
true
but a string can't have a property... it will be the equivalent to something like this:
> var a = "foo"
> a.exp = 12333
> JSON.stringify(a)
'"foo"'
Besides the fact that you can't add a property to an string in javascript, there is not a representation in JSON of an string with a property.
@jfromaniello Thanks for the answer, now it's clear!
if I set the expiry as { expiresIn : '365d' } , so should i be assured it will last for 1 year
I'm sorry but i didnt understand nothing.... i'm using JSON.stringify('7d') and it's not working at all... and the error is caming from the verify :
"Illegal argument undefined"
I have no words
@Masterchoc can you explain what you are trying to do? Thanks
for me ,this error occurs because payload is string.
pass object like this to sign function
let payload ={test: 'test string'}
I was getting this error, and it had nothing to do with the options I was passing or anything to do with the expiresIn option. Like what @alikarimii was saying, the payload you are signing needs to be an Object.
WRONG: jwt.sign(user.id, secret, { expiresIn: 60 * 60, algorithm: 'HS256'})
GOOD: jwt.sign({ uid: user.id }, secret, { expiresIn: 60 * 60, algorithm: 'HS256'})
@ddcech , good info, thanks it's work , the solution is to put an object
I was using JSON.stringify() then it breaks the options.
jwt.sign(JSON.stringify(profile},process.env.SECRET,{expiresIn: 60 * 60, algorithm: "HS256"})
When I use JSON.stringify, even options are OK as @ddcech described good ones, it breaks. So I change it to.
jwt.sign({profile},process.env.SECRET,{expiresIn: 60 * 60, algorithm: "HS256"})
Thank you ddcech! This work -
jwt.sign( { userId: user.id }, config.secret , { expiresIn: "2h" });
Most helpful comment
I was getting this error, and it had nothing to do with the options I was passing or anything to do with the
expiresInoption. Like what @alikarimii was saying, the payload you are signing needs to be an Object.WRONG:
jwt.sign(user.id, secret, { expiresIn: 60 * 60, algorithm: 'HS256'})GOOD:
jwt.sign({ uid: user.id }, secret, { expiresIn: 60 * 60, algorithm: 'HS256'})