szerhusenBC/jwt-spring-security-demo

ignoreTokenExpiration is not functioning

bfwg opened this issue · 4 comments

bfwg commented

Summary

If the token is expired, an exception will get thrown when getting the audience. Therefore, you can never get the audience from an expired token.

bfwg commented

Yes, I'm reporting this issue because the part where we are getting the audience from the token is never invoked.
https://github.com/szerhusenBC/jwt-spring-security-demo/blob/master/src/main/java/org/zerhusen/security/JwtTokenUtil.java#L92

Oh, I see, you're right. Do you have any idea how to get claims from an expired token?

I'm closing this ticket because I removed the device/audience support. The mobile starter is actually not supported by Spring Boot 2.