0

How should the exp field of the payload be expressed?

    jwt.sign({
        _id: this._id,
        email: this.email,
        name: this.name,
        exp: //how do I set this value ?,
    }, "MY_SECRET");

It's nowhere clearly explained in the docs:

https://github.com/auth0/node-jsonwebtoken

From the example code I have here:

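    var jwt = require('jsonwebtoken');

    userSchema.methods.generateJwt = function() {
        // Expiry date: 7 days from now
        var expiry = new Date();
        expiry.setDate(expiry.getDate() + 7);

        return jwt.sign({
            _id: this._id,
            email: this.email,
            name: this.name,
            // getTime() returns milliseconds; divide by 1000 for whole seconds
            exp: Math.floor(expiry.getTime() / 1000),
        }, "MY_SECRET");
    };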

I assume "exp" expresses the expiration date of the token, in seconds starting from epoch. Correct?

Lev

2 Answers

0

It all depends on the type of application and here is our recommended approach.

A good pattern is to refresh the token before it expires.

Set the token expiration to one week and refresh the token every time the user opens the web application and every one hour.

To refresh the token, your API needs a new endpoint that receives a valid, not expired JWT and returns the same signed JWT with the new expiration field. Then the web application will store the token somewhere.

Wasiq Muhammad
0

Just tested, and yes, "exp" expresses the expiration date of the token, in seconds starting from epoch, but it is not stated in the doc.

Lev
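
As an added illustration (not code from the question, the answers, or the node-jsonwebtoken project), the sketch below signs and checks HS256 tokens with Node's built-in crypto to show `exp` handled as whole seconds since the epoch, together with the refresh step described in the first answer. The helper names (`numericDate`, `sign`, `verify`, `refresh`), the demo secret and the dates are assumptions made for the example.

```javascript
// Added example: minimal HS256 JWT built on Node's crypto module.
// Helper names and the demo secret are assumptions, not a library's API.
const nodeCrypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (data, secret) =>
  nodeCrypto.createHmac('sha256', secret).update(data).digest();

// "exp" is a NumericDate (RFC 7519): seconds since the Unix epoch.
const numericDate = (date) => Math.floor(date.getTime() / 1000);

function sign(payload, secret) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${header}.${body}.${b64url(hmac(`${header}.${body}`, secret))}`;
}

// Returns the payload; throws on a bad signature or an expired/missing "exp".
function verify(token, secret, now = new Date()) {
  const [header, body, sig] = String(token).split('.');
  const expected = hmac(`${header}.${body}`, secret);
  const given = Buffer.from(sig || '', 'base64url');
  if (given.length !== expected.length ||
      !nodeCrypto.timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }
  const payload = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  // Compare seconds with seconds: a millisecond "exp" would pass for millennia.
  if (typeof payload.exp !== 'number' || numericDate(now) >= payload.exp) {
    throw new Error('token expired');
  }
  return payload;
}

// Refresh step: only a still-valid token is re-issued with a later "exp".
function refresh(token, secret, lifetimeSeconds, now = new Date()) {
  const payload = verify(token, secret, now);
  return sign({ ...payload, exp: numericDate(now) + lifetimeSeconds }, secret);
}

// Constructed demo values.
const SECRET = 'demo-secret-not-for-production';
const WEEK = 7 * 24 * 60 * 60;
const issuedAt = new Date('2024-01-01T00:00:00Z');
const token = sign({ _id: 'u1', exp: numericDate(issuedAt) + WEEK }, SECRET);
console.log(verify(token, SECRET, issuedAt).exp);
```

Passing `Date.now()` or `getTime()` directly as `exp` still produces a token that verifies, which is why the mistake tends to go unnoticed: the expiry simply lands tens of thousands of years in the future.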