Node-jsonwebtoken: exp refuses to work in a jwt token.

Created on 2 Apr 2018  路  8Comments  路  Source: auth0/node-jsonwebtoken

app.get('/auth/google/callback',
    passport.authenticate('google', {session: false}),
    (req, res) => {
        const token = jwt.sign({data:req.user.profile.displayName,  exp: Math.floor(Date.now() / 1000) + (60 * 60)}, '131dv24t51');
        res.cookie('jwt',token);
        res.redirect('/');
    }
);

It keeps being set to a date in 1969... what am I doing wrong, displayName is a string. :)

Can you help me?

Most helpful comment

I don't think so, they are unrelated concepts, with this library you get a string (token), that's it, you need to manually put the token in a cookie, so, effectively you are adding a string to a cookie, you could set any string in a cookie.

Maybe adding it would create more confusion, since it would seem both concepts JWT and cookie are related in this library. However, if we see more confusion / mixing up around those concepts in other issues we may need to add it, as you mentioned (thanks for the suggestion by the way 馃槈 )

All 8 comments

Why do you think the date is being set to 1969? The token appears to be generated correctly, so my guess it's something on the reading/decoding side.

Test

var jwt= require("jsonwebtoken");
const token = jwt.sign({data: 'name',  exp: Math.floor(Date.now() / 1000) + (60 * 60)}, '131dv24t51');
const decoded = jwt.decode(token);
console.log('token:', token);
console.log('decoded:', decoded);
console.log('exp:', new Date(decoded.exp * 1000));
console.log('iat:', new Date(decoded.iat * 1000));

Which results in:

token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjoibmFtZSIsImV4cCI6MTUyMjYzNTQ1OSwiaWF0IjoxNTIyNjMxODU5fQ.QrSTFh0lQHSp7OvkV4sRWVB0nVN5n1vLipDTs6lquKM
{ data: 'name', exp: 1522635459, iat: 1522631859 }
exp: 2018-04-02T02:17:39.000Z
iat: 2018-04-02T01:17:39.000Z

if I look at console inspector -> application -> cookies, it shows the date as 1969

screen shot 2018-04-02 at 08 28 15

I also checked the system date and such to see if something was going fubar there. No luck.

Oh, that's the cookie expires date. That's not related to JWTs or this library.

Assuming you are using express you might want to take a look at the Express res.cookie function on how to set the max-age/expires.

ooh, so the expires is only the internal jwt expires? not the actual cookie expiration date?

Yup! Those are two different expires. JWTs are not always sent as cookies, often they are sent as an Authorization header.

Doubt solved, closing.

Might it not be a good idea to add this to the documentation? So it doesn't confuse people who aren't that familiar with jwt tokens?

I don't think so, they are unrelated concepts, with this library you get a string (token), that's it, you need to manually put the token in a cookie, so, effectively you are adding a string to a cookie, you could set any string in a cookie.

Maybe adding it would create more confusion, since it would seem both concepts JWT and cookie are related in this library. However, if we see more confusion / mixing up around those concepts in other issues we may need to add it, as you mentioned (thanks for the suggestion by the way 馃槈 )

Was this page helpful?
0 / 5 - 0 ratings

Related issues

prevostc picture prevostc  路  4Comments

Teebo picture Teebo  路  4Comments

svnty picture svnty  路  3Comments

itamarwe picture itamarwe  路  3Comments

mathellsmelo picture mathellsmelo  路  3Comments