Robert Goodrick

Reputation: 298

JWT setExpiration for servers time zone Android

I'm trying to set up a short expiration time for my JWT web token. The problem I'm running into is if the client is in a different time zone than the server (EST). Currently the working code is as follows.

Map<String, Object> header = new HashMap<>();
header.put("typ", Header.JWT_TYPE);
long now = Instant.now().getMillis();
String compactJws = Jwts.builder()
        .setHeader(header)
        .claim("email", email)
        .claim("password", password)
        .claim("reg_id", reg_id)
        .claim("deviceId", deviceId)
        .claim("gsf", returnGSF())
        .claim("imei", returnIMEI())
        .claim("serial", Build.SERIAL)
        .claim("version", String.valueOf(version))
        .claim("language", language)
        .setIssuedAt(new Date(now))
        .setExpiration(new Date(now + 60000))
        .signWith(SignatureAlgorithm.HS256, settings.getString("keychain", "password"))
        .compact();

Sixty seconds is plenty of leeway. I'm pulling my hair out with all the different Date/Format object variants. How do I get the date object for US Eastern time regardless of the device's location?

Upvotes: 2

Views: 3687

Answers (1)

Matt Johnson-Pint

Reputation: 241603

JWT timestamps are always UTC-based, so time zone is not your problem.

It's quite possible the client and server clocks are not in sync. 60 seconds is not much tolerance for clock skew. Other protocols use much larger variances. For example, Kerberos allows a default of 5 minutes delta between clocks.

Upvotes: 3
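
The two points in the answer above, as an added example that is not part of the original question or answer: the `exp` value is the same epoch number in every time zone, and a 60-second token from a device whose clock runs behind the server is already expired on arrival unless the verifier allows leeway. It uses only the JDK (`java.time`); the class name, the helpers `toNumericDate` and `notExpired`, the sample instant and the 90-second skew are assumptions made for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.time.ZoneId;

public class JwtClockSkewDemo {

    // exp and iat are NumericDate values: seconds since 1970-01-01T00:00:00Z.
    // Hypothetical helper, not a library call.
    static long toNumericDate(Instant t) {
        return t.getEpochSecond();
    }

    // Server-side expiry check (hypothetical helper):
    // the token is accepted while serverNow < exp + leeway.
    static boolean notExpired(long exp, Instant serverNow, Duration leeway) {
        return serverNow.getEpochSecond() < exp + leeway.getSeconds();
    }

    public static void main(String[] args) {
        // Constructed sample instant standing in for the server's clock.
        Instant serverNow = Instant.parse("2024-01-15T17:00:00Z");

        // The same instant viewed in two zones: the wall-clock text differs,
        // the epoch value that goes into the token does not.
        for (String zone : new String[] {"America/New_York", "Asia/Tokyo"}) {
            System.out.println(zone + " wall clock "
                    + serverNow.atZone(ZoneId.of(zone)).toLocalDateTime()
                    + " -> epoch " + toNumericDate(serverNow));
        }

        // Assumed scenario: the device clock runs 90 seconds behind the server.
        Instant deviceNow = serverNow.minusSeconds(90);
        // 60-second lifetime, as in the question, computed from the device clock.
        long exp = toNumericDate(deviceNow.plusSeconds(60));

        // Strict check versus a Kerberos-style 5-minute tolerance.
        System.out.println("no leeway:    accepted="
                + notExpired(exp, serverNow, Duration.ZERO));
        System.out.println("5 min leeway: accepted="
                + notExpired(exp, serverNow, Duration.ofMinutes(5)));
    }
}
```

Leeway extends the window in which the server accepts a token to the lifetime plus the leeway, so the two values should be chosen together.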
