Reputation: 159
JWT not expiring in nestjs application even after setting expiresIn value
This is what my auth.module.ts looks like:
import { Module } from "@nestjs/common";
import { ConfigModule, ConfigService } from "@nestjs/config";
import { JwtModule } from "@nestjs/jwt";
import { PassportModule } from "@nestjs/passport";
import { TypeOrmModule } from "@nestjs/typeorm";
import appConfig from "src/config/app.config";
import devConfig from "src/config/dev.config";
import stagConfig from "src/config/stag.config";
import { User } from "src/entities/entity/user.entity";
import { AuthService } from "./auth.service";
import { JwtStrategy } from "./passport-strategies/jwt-strategy";
import { LocalStrategy } from "./passport-strategies/local-strategy";
@Module({
imports: [
PassportModule,
ConfigModule.forRoot({
load: [appConfig, devConfig, stagConfig],
ignoreEnvFile: true,
isGlobal: true,
}),
TypeOrmModule.forFeature([
User
]),
JwtModule.registerAsync({
imports: [ConfigModule],
useFactory: async (configService: ConfigService) => ({
// secret: configService.get<string>('jwt.secret'),
secret: process.env.TOKEN_KEY,
signOptions: { expiresIn: 30 }
}),
inject: [ConfigService]
}),
],
providers: [
AuthService,
LocalStrategy,
JwtStrategy
],
exports: [AuthService],
})
export class AuthModule {}
As you can see I have set signOptions: { expiresIn: 30 } but when I analyze the token it has no expiration parameter and does not expire.
I am using https://jwt.io/#encoded-jwt to analyze the token:
Upvotes: 4
Views: 14176
Answers (3)
Reputation: 46
set your value in string like this:
JwtModule.register({secret: 'your-secret-key', signOptions : { expiresIn : '30d'}}) # for 30 days
also you can set the expiresIn value in calling sign method in jwtService
jwtService.sign({Payload, {expiresIn: '10d', secret: ...})
if you don't set an expiration time when signing a JWT token, the token will not expire and can be used indefinitely.
Upvotes: 0
Reputation: 53
The same problem. search ignoreExpiration flag. Here's my problem
e:
@Injectable()
export class JWTStrategy extends PassportStrategy(Strategy) {
constructor(
readonly configService: ConfigService,
private userService: UserService,
) {
super({
jwtFromRequest: ExtractJwt.fromHeader(
configService.get('API_ACCESS_TOKEN_HEADER'),
),
ignoreExpiration: true, // *** FIXME: here
secretOrKey: configService.get('API_ACCESS_TOKEN_SECRET'),
});
}
...
Here is type:
export interface StrategyOptions {
secretOrKey?: string | Buffer | undefined;
secretOrKeyProvider?: SecretOrKeyProvider | undefined;
jwtFromRequest: JwtFromRequestFunction;
issuer?: string | undefined;
audience?: string | undefined;
algorithms?: string[] | undefined;
ignoreExpiration?: boolean | undefined;
passReqToCallback?: boolean | undefined;
jsonWebTokenOptions?: VerifyOptions | undefined;
}
The ignoreExpiration used, https://github.com/auth0/node-jsonwebtoken/blob/master/verify.js#L147
Hope it will help you
Upvotes: 0
Reputation: 457
You have to pass the expiresIn value as string and mention s for seconds like this
JwtModule.register({
secret: jwtConstants.secret,
signOptions: { expiresIn: '60s' },
}),
Do let me know if this works!
Upvotes: 6
Related Questions
- Nest.js Auth Guard JWT Authentication constantly returns 401 unauthorized
- Passport-jwt token expiration
- Jwt expires when user logged in from another browser
- JWT authentication with passport-jwt does not take expiration date into account
- NestJs showing 401 after following doc exactly
- JWT signed token expiresIn not changing in browser application even after changed in the code
- PassportJS Validates Expired JWT
- Why token expiration time passed via env var not working
- Json web token does not expire
- jsonwebtoken doesn't expire