wato9902

Reputation: 659

Where is the expiration of JWT (JSON Web Token) saved?

I think the JWT certification flow is as follows.

  1. (the client) call api with id and password in login page
  2. (the server) return token (HEADER . CLAIM . SECRETKEY) to client
  3. (the client) save the token in local storage
  4. (the client) call api with token
  5. (the server) checks the token for validity and expiration and returns a result to client

Authentication method 5: Whether the combination of the decoded HEADER and the decoded CLAIM matches the SECRETKEY.

I have a question. Where is the expiration saved?

FYR. I used this library. https://github.com/auth0/node-jsonwebtoken

Upvotes: 2

Views: 1355

Answers (1)

Bernardo Duarte

Reputation: 4264

The expiration is saved inside the CLAIM, as written in the RFC.

4.1. Registered Claim Names

4.1.4. "exp" (Expiration Time) Claim

The "exp" (expiration time) claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing. The processing of the "exp" claim requires that the current date/time MUST be before the expiration date/time listed in the "exp" claim.

Also, take a look at jwt.io; it is much easier to read than an RFC.

Upvotes: 4
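
The layout the answer describes, as an added example that is not part of the original answer or of node-jsonwebtoken: an HS256 token built and checked with Node's built-in crypto module, showing that `exp` sits in the claims segment and that the signature segment is what stops a client from changing it. The function names, `SECRET`, `NOW` and the sample claims are assumptions made for illustration.

```javascript
// Added example (Node crypto, not jsonwebtoken); SECRET and NOW are constructed values.
const { createHmac, timingSafeEqual } = require('node:crypto');
const SECRET = 'constructed-demo-secret';
const NOW = 1700000000; // fixed "current time" in seconds, for repeatable runs
const b64url = (v) => Buffer.from(v).toString('base64url');
const hmac = (data, key) => createHmac('sha256', key).update(data).digest();

// Token = base64url(header) . base64url(claims) . base64url(signature)
function sign(claims, key, nowSec, ttlSec) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  // "exp" is an ordinary claim: seconds since the epoch, stored in the payload.
  const payload = b64url(JSON.stringify({ ...claims, iat: nowSec, exp: nowSec + ttlSec }));
  return `${header}.${payload}.${b64url(hmac(`${header}.${payload}`, key))}`;
}

// The claims are encoded, not encrypted: readable without the key.
function decodeClaims(token) {
  return JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString('utf8'));
}

// Server side: check the signature first, then "exp" from the payload.
function verify(token, key, nowSec) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let alg, claims;
  try {
    alg = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8')).alg;
    claims = decodeClaims(token);
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm rather than trusting what the header announces.
  if (alg !== 'HS256') return { ok: false, reason: 'unexpected alg' };
  const expected = hmac(`${parts[0]}.${parts[1]}`, key);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  // RFC 7519 4.1.4: now must be before "exp"; this example also requires the claim.
  if (typeof claims?.exp !== 'number' || nowSec >= claims.exp) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, claims };
}

// Check helper: an edited "exp" keeps the old signature, so verify() rejects it.
function extendExp(token, newExp) {
  const [h, , s] = token.split('.');
  return `${h}.${b64url(JSON.stringify({ ...decodeClaims(token), exp: newExp }))}.${s}`;
}
```

Because the server recomputes the signature over the header and claims it received, it needs no stored copy of the expiration; the value travels inside the token.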
