Zaubrik/djwt

setExpiration should return seconds not milliseconds

coldino opened this issue · 2 comments

May have found the root cause of some of your previous bug reports around expiry times.

The spec makes it clear that times in claims should be in seconds, not in milliseconds. The specification uses the term NumericDate, which it defines as "A JSON numeric value representing the number of seconds from 1970-01-01T00:00:00Z UTC", and should apply to all time fields: iat, exp and nbf.

This is backed up by decoding tokens created with this package using JWT debugger showing around 50,000 years in the future (50 years since 1970 times 1000).

Edit: This also requires a change in isExpired to match.

You are right @coldino, thank you!

Fixed with f742488.

Seems to work. Thanks for the quick turnaround!
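The unit mismatch discussed in this issue, as an added example that is not part of the thread and is not djwt's code: it builds time claims in seconds, checks expiry in the same unit, and audits a token's iat, nbf and exp for values that look like milliseconds. The function names, the `MS_THRESHOLD` heuristic and the sample tokens are assumptions made for this illustration.

```javascript
// Added example; all names here are hypothetical, not djwt's API.

// NumericDate (RFC 7519): seconds since 1970-01-01T00:00:00Z.
function numericDate(secondsFromNow, nowMs = Date.now()) {
  return Math.floor(nowMs / 1000) + secondsFromNow;
}

// Expiry check performed in the same unit as the claim (seconds).
function isExpiredAt(exp, nowMs = Date.now()) {
  return exp <= Math.floor(nowMs / 1000);
}

// Decode the payload segment without verifying the signature (audit only).
function decodePayload(token) {
  const seg = token.split(".")[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(atob(seg));
}

// Seconds-based values stay below 1e11 until the year 5138, while present-day
// millisecond timestamps are above 1e12, so this threshold separates the two.
const MS_THRESHOLD = 1e11;

function auditTimeClaims(token) {
  const payload = decodePayload(token);
  const findings = [];
  for (const claim of ["iat", "nbf", "exp"]) {
    const v = payload[claim];
    if (v === undefined) continue;
    if (typeof v !== "number" || !Number.isFinite(v)) {
      findings.push(`${claim}: not a numeric value`);
    } else if (v >= MS_THRESHOLD) {
      findings.push(`${claim}: looks like milliseconds (${v})`);
    }
  }
  return findings;
}

// Constructed sample tokens with a placeholder signature (never verified here).
function sampleToken(payload) {
  const b64url = (o) =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${b64url({ alg: "HS256", typ: "JWT" })}.${b64url(payload)}.constructed-signature`;
}

const NOW_MS = 1600000000000; // constructed fixed clock
const bad = sampleToken({ exp: NOW_MS + 3600 * 1000 });      // milliseconds
const good = sampleToken({ exp: numericDate(3600, NOW_MS) }); // seconds
console.log(auditTimeClaims(bad), auditTimeClaims(good));
```

A verifier that compares a millisecond-valued exp against a clock in seconds treats the token as valid for tens of thousands of years, which is why the audit flags it.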