Node-jsonwebtoken: how to set expiresIn never expire ?

Created on 12 Oct 2017  路  12Comments  路  Source: auth0/node-jsonwebtoken

Most helpful comment

Never... is too much time. But, I think that 9999 years is a reasonable meaning of 'never':
const token = jwt().sign({ uuid:data, apikey }, '9999 years' )
produces my verified token:
{ uuid: 'fcaf0b39-0cf6-4814-ba54-634f5061b352', apikey: 'TAAR8M9-32CMACE-K0V48EV-3Z7ASJB', iat: 1581155672, exp: 317125598072 }
Since: 2020-02-08T10:54:32+01:00
Expire: 12019-04-24T05:54:32+02:00

Perhaps in 9999 years your application runs in replicating beings in other galaxy, even other circumstances that we can't even think about now

All 12 comments

just don't put it at all 馃

@odarbelaeze is right. If you don't pass expireIn option or exp claim there will not be any exp claim, so the JWT does not have any expiration.

Does this no longer work in the latest version? We used to be able to enter 0 (zero) as the expireIn to never expire the token. Now it forces us to enter a specific length of time. Is that intentional?

@markuso I tested with v7.4.3 and the use case you mention does not work either, it will add an expiration with the same second as the iat, so the token would be useless since it's expired at the same moment it was created.

With both v8 and v7:

> jwt.decode(jwt.sign({a:1},'ssh'))
{ a: 1, iat: 1516971150 }
> jwt.decode(jwt.sign({a:1},'ssh', { expiresIn: 0 }))
{ a: 1, iat: 1516971152, exp: 1516971152 }

Bump

As @odarbelaeze says - don't pass expiresIn to the jwt options and you'll have a token with no expiration.
Tested on v8.2.2

I was passing an undefined value into the expiresIn property and it was failing. So I assumed it was forcing us to enter a value like 0 or greater. I now make sure that I don't declare the property at all instead of allowing an undefined value to be set. I feel that it should take care of the undefined value internally, in my opinion, to behave like it was unset. Cheers!

bump

On the other hand, we can use the below option while verifying the token
ignoreExpiration: if true do not validate the expiration of the token.

it's very simple code below

This code must be placed in the ConfigureServices method in the Startup.cs class.

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = false, // set false this property
ValidateIssuerSigningKey = true,
ValidIssuer = "xxxx",
ValidAudience = "xxxx",
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SecurityKey"]))
};

            });

Never... is too much time. But, I think that 9999 years is a reasonable meaning of 'never':
const token = jwt().sign({ uuid:data, apikey }, '9999 years' )
produces my verified token:
{ uuid: 'fcaf0b39-0cf6-4814-ba54-634f5061b352', apikey: 'TAAR8M9-32CMACE-K0V48EV-3Z7ASJB', iat: 1581155672, exp: 317125598072 }
Since: 2020-02-08T10:54:32+01:00
Expire: 12019-04-24T05:54:32+02:00

Perhaps in 9999 years your application runs in replicating beings in other galaxy, even other circumstances that we can't even think about now

Never... is too much time. But, I think that 9999 years is a reasonable meaning of 'never':
const token = jwt().sign({ uuid:data, apikey }, '9999 years' )
produces my verified token:
{ uuid: 'fcaf0b39-0cf6-4814-ba54-634f5061b352', apikey: 'TAAR8M9-32CMACE-K0V48EV-3Z7ASJB', iat: 1581155672, exp: 317125598072 }
Since: 2020-02-08T10:54:32+01:00
Expire: 12019-04-24T05:54:32+02:00

Perhaps in 9999 years your application runs in replicating beings in other galaxy, even other circumstances that we can't even think about now

I'm from the future, man, your token just expired, and we can't use the API, the world is in chaos

Was this page helpful?
0 / 5 - 0 ratings

Related issues

ehartford picture ehartford  路  3Comments

BarukhOr picture BarukhOr  路  4Comments

Sir-hennihau picture Sir-hennihau  路  4Comments

salali picture salali  路  5Comments

svnty picture svnty  路  3Comments