Google Wallet JWT "exp" parameter


I am integrating Google Wallet on my website, and didn't find the answer to this anywhere. Can the "exp" parameter of the JWT token be more than an hour? I see in every guide or library:

'exp' => time() + 3600,

But could it be something else? Like 2 hours:

'exp' => time() + 7200,

Thanks!

1 answer

Answer by EdSF:

From the spec:

The exp (expiration time) claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing. The processing of the exp claim requires that the current date/time MUST be before the expiration date/time listed in the exp claim. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew. Its value MUST be a number containing a NumericDate value. Use of this claim is OPTIONAL.

I personally haven't tested the "max" that Google will allow. However, it could matter to you more - re: how long is that specific transaction supposed to be "good". (When) should it expire/be invalidated? Should I be worried about replays?

Hth...
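The exp rule quoted in the answer, seen from the receiving side, as an added example that is not part of the original question or answer and is not Google's code. It uses HS256 so it runs self-contained; the function names, the key, the fixed clock, the 60-second leeway and the one-hour lifetime cap are all assumptions, and the cap is a hypothetical verifier policy, not a documented Google limit.

```php
<?php
// Added example; function names, key, clock and policy values are constructed.
function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt): string {
    $pad = str_repeat('=', (4 - strlen($txt) % 4) % 4);
    return (string) base64_decode(strtr($txt, '-_', '+/') . $pad, true);
}
function issue_jwt(array $claims, string $key): string {
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode($claims));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", $key, true));
}
// Returns the claims, or throws with the reason the token was rejected.
function verify_jwt(string $jwt, string $key, int $now, int $leeway = 60, int $maxLifetime = 3600): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) throw new RuntimeException('malformed token');
    [$head, $body, $sig] = $parts;
    // Check the signature before trusting anything in the header or payload.
    $expected = b64url(hash_hmac('sha256', "$head.$body", $key, true));
    if (!hash_equals($expected, $sig)) throw new RuntimeException('bad signature');
    $header = json_decode(b64url_decode($head), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') throw new RuntimeException('unexpected alg');
    $claims = json_decode(b64url_decode($body), true);
    $exp = is_array($claims) ? ($claims['exp'] ?? null) : null;
    $iat = is_array($claims) ? ($claims['iat'] ?? null) : null;
    // The spec makes exp optional; this verifier's policy (an assumption) requires integer exp and iat.
    if (!is_int($exp) || !is_int($iat)) throw new RuntimeException('exp/iat missing or not an integer');
    // Spec rule: current time must be before exp; the leeway absorbs clock skew.
    if ($now >= $exp + $leeway) throw new RuntimeException('expired');
    // Verifier-side cap: a far-future exp does not buy the issuer a longer window.
    if ($exp - $iat > $maxLifetime) throw new RuntimeException('lifetime exceeds policy');
    return $claims;
}
$key = 'constructed-demo-key'; // constructed sample secret
$now = 1700000000;             // fixed clock so the run is reproducible
foreach ([3600, 7200] as $ttl) {
    $jwt = issue_jwt(['iat' => $now, 'exp' => $now + $ttl], $key);
    foreach ([10, $ttl + 30, $ttl + 120] as $offset) {
        try {
            verify_jwt($jwt, $key, $now + $offset);
            $result = 'accepted';
        } catch (RuntimeException $e) {
            $result = $e->getMessage();
        }
        printf("ttl=%d checked at +%ds: %s\n", $ttl, $offset, $result);
    }
}
```

A token checked 30 seconds past its exp still passes because of the leeway, while the two-hour token is refused by the lifetime cap even though its signature is valid and it has not expired.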