TechQA.

Is options ignoreExpiration still valid in node-jose?

703 views Asked by At

In jsonwebtoken, the option ignoreExpiration can be used as below for HS256:

const jwt = require("jsonwebtoken");
const decoded = await jwt.verify(jwt_token, process.env.jwtPrivateKey,
    {ignoreExpiration: true});

Now the app is migrating to node-jose 2.0.9. Is ignoreExpiration still a valid option in node-jose as well?

const jose = require('node-jose');
const decoded = await jose.JWT.createVerify(pubkey, {ignoreExpiration: true,
    algorithms: ['EdDSA']}).verify(jwt_token); //Is ignoreExpiration valid here?
jose node-jose
Original Q&A
2

There are 2 answers

1
AudioBubble On BEST ANSWER

node-jose is for general JOSE constructs, it does not support the JWT Claim Set validations like exp, iat, iss, aud, etc.

Therefore ignoreExpiration is not a valid option for any of the node-jose APIs.

You can of course refer to node-jose documentation to see there's no mention of any such option.

0
par On

jose.JWTVerifyOptions has a currentDate parameter. It defaults to Date.now() but you can specify a date earlier than the issue date of the token to ensure verification won't fail based on expiration time. This has the same effect as jsonwebtoken's ignoreExpiration: true.

For example:

jose.jwtVerify(jwt, key, { currentDate: new Date(0) });

See the JWTVerifyOptions documentation.

Related Questions in JOSE

Related Questions in NODE-JOSE

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions