Node-jsonwebtoken: Verify (or sign, or both) do not work. "TokenExpiredError: jwt expired" error is thrown for no reason. (SOLVED)

Created on 7 Oct 2016  路  2Comments  路  Source: auth0/node-jsonwebtoken

Why do I get this error?

let jwt = require('jsonwebtoken');
let jwt_decode = require('jwt-decode');

let secret = "The Secret String";

let oHeader = {
    "alg": "HS256",
    "typ":"JWT"
};

let oPayload = {
    "fname": "John",
    "lname": "Doe",
    "role": "admin",
    "exp": 3600 // Do you see this? It is 1 (one) hour, isn't it?
}

Now let's create and then verify a token:

let token = jwt.sign(oPayload, secret);

console.log('[token] ', token);
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmbmFtZSI6IkpvaG4iLCJsbmFtZSI6IkRvZSIsInJvbGUiOiJhZG1pbiIsImV4cCI6MzYwMCwiaWF0IjoxNDc1ODIyNTc4NDYyfQ.HKfpUkfRE2s7uMmgwU627RqnjOB4XROk22QzOFtRpXw

// First, let's see the payload with "jwt_decode"
console.log('[jwt_decode(token)]', jwt_decode(token));
 { fname: 'John',
  lname: 'Doe',
  role: 'admin',
  exp: 3600,
  iat: 1475823292188 } 

// Now with "jwt.decode(token)"
console.log('[jwt.decode(token)]', jwt.decode(token));
 { fname: 'John',
  lname: 'Doe',
  role: 'admin',
  exp: 3600,
  iat: 1475823292188 } 

// And now let's verify a token
console.log('[jwt.verify(token, secret)]', jwt.verify(token, secret));

C:\Users\user\sbox\node\app\node_modules\jsonwebtoken\verify.js:32
      if (err) throw err;
               ^
TokenExpiredError: jwt expired
    at Object.module.exports [as verify] (C:\Users\user\sbox\node\app\node_modules\jsonwebtoken\verify.js:121:19)
    at Object.<anonymous> (C:\Users\user\sbox\node\app\assets\js\react\dev\drafts\jwt.js:37:70)
    at Module._compile (module.js:541:32)
    at Object.Module._extensions..js (module.js:550:10)
    at Module.load (module.js:458:32)
    at tryModuleLoad (module.js:417:12)
    at Function.Module._load (module.js:409:3)
    at Module.runMain (module.js:575:10)
    at run (bootstrap_node.js:352:7)
    at startup (bootstrap_node.js:144:9)
[Finished in 0.4s with exit code 1]
[shell_cmd: node C:\Users\user\sbox\node\app\assets\js\react\dev\drafts\jwt.js]
[dir: C:\Users\user\sbox\node\app\assets\js\react\dev\drafts]
[path: C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\nodejs\;C:\Ruby22-x64\bin;C:\Program Files\Amazon\AWSCLI;C:\Program Files (x86)\Skype\Phone\;C:\Users\user\AppData\Roaming\npm]

Why does it happen? How to fix?
"version": "7.1.9"

All 2 comments

Here is the answer.
https://developer.atlassian.com/static/connect/docs/latest/concepts/understanding-jwt.html

"exp" - Expiration time. It contains the UTC Unix time after which you should no longer accept this token. It should be after the issued-at time.

    "iat": 1300819370, // 70
    "exp": 1300819380, // 80

Their documentation is 馃憤
Yours is miserable 馃憥

I am very sorry to hear that. I just did a new section in the README:

https://github.com/auth0/node-jsonwebtoken#token-expiration-exp-claim

Do you think this could have helped to figure out?

Was this page helpful?
0 / 5 - 0 ratings