How to set jwt token expiry time to maximum in nodejs?

Question

I dont want my token to get expire and shold be valid forever.

var token = jwt.sign({email_id:'123@gmail.com'}, "Stack", {

                        expiresIn: '24h' // expires in 24 hours

                         });

In above code i have given for 24 hours.. I do not want my token to get expire. What shall be done for this?

That seems like a bad idea. But you can try to leave this parameter off (check the API documentation for your JWT library). If that does not work, set it to one million hours — Thilo, Jul 20 '17 at 06:46
You should add hours you want to set. Best practice will set to 8760 hours that is 1 year — Ved, Jul 20 '17 at 06:48
if i give for 10 years by calculating the total number of hours will it work? — Jagadeesh, Jul 20 '17 at 06:57
Are you using this library https://www.npmjs.com/package/jsonwebtoken? Why you do not omit the `expiresIn` param? The `exp` attribute of JWT is optional. You do not need to fill it, and then the token will not expire — pedrofb, Jul 20 '17 at 08:06
yes i am using the same library...so if i omit it will work right? — Jagadeesh, Jul 20 '17 at 08:10

score 78 · Accepted Answer · edited Jul 13 '22 at 13:11

The exp claim of a JWT is optional. If a token does not have it, it is considered that it does not expire

According to the documentation of https://www.npmjs.com/package/jsonwebtoken the expiresIn field does not have a default value either, so just omit it.

There are no default values for expiresIn, notBefore, audience, subject, issuer. These claims can also be provided in the payload directly with exp, nbf, aud, sub and iss respectively, but you can't include them in both places.

var token = jwt.sign({email_id:'123@gmail.com'}, "Stack", {});

Ved · Answer 2 · 2019-05-13T10:12:17.590

58

To set expirey time in days: try this

 var token = jwt.sign({email_id:'123@gmail.com'}, "Stack", {

           expiresIn: '365d' // expires in 365 days

      });

"expiresIn" should be a number of seconds or string that repesents a timespan eg: "1d", "20h",

Docs: jsonwebtoken

edited May 13 '19 at 10:12

answered Jul 20 '17 at 07:02

Ved

11,837
5
42
60

1

any option for setting up in years? – Jagadeesh Jul 20 '17 at 07:10
1

I think no. You can set it in days. 365d = 1 year – Ved Jul 20 '17 at 07:11
2

if i give for 10 years by calculating the number of days as 3650d will it work? – Jagadeesh Jul 20 '17 at 07:13

Abolfazl Roshanzamir · Answer 3 · 2021-06-15T09:29:10.517

You can set expire time in number or string :

expressed in seconds or a string describing a time span zeit/ms.
Eg: 60, "2 days", "10h", "7d".

A numeric value is interpreted as a seconds count. If you use a string be sure you provide the time units (days, hours, etc),
otherwise milliseconds unit is used by default ("120" is equal to "120ms").

 var token = jwt.sign({email_id:'123@gmail.com'}, "Stack", {
        expiresIn: "10h" // it will be expired after 10 hours
        //expiresIn: "20d" // it will be expired after 20 days
        //expiresIn: 120 // it will be expired after 120ms
        //expiresIn: "120s" // it will be expired after 120s
 });

expiresIn: 120 should be 120s not 120ms, according to the docs, your quote, and my own code..... — Frustrated_Student, Apr 16 '22 at 20:12

score 10 · Answer 4 · answered Jun 19 '20 at 17:52

You can save your settings in a config file. expires in days use d after your desire days like after 90 days should be: 90d for hours use h for example 20h

you can use milliseconds also, for example, after 4102444800ms

config.env

JWT_SECRET = my-32-character-ultra-secure-and-ultra-long-secret
JWT_EXPIRES_IN = 90d

authController.js

const signToken = (id) => {
  return jwt.sign({ id: id }, process.env.JWT_SECRET, {
    expiresIn: process.env.JWT_EXPIRES_IN,
  });
};

const signIn = (user) =>{
    const token = signToken(user._id);
}

is expiresIn in jwt different from the maxAge in cookies? I'm sending the jwt as a cookie to the client but it seems like setting expiresIn doesn't affect the cookie — The.Wolfgang.Grimmer, Oct 13 '20 at 03:36

score 8 · Answer 5 · answered Dec 12 '20 at 19:32

8

  jwt.sign(contentToEncrypt, SECRET_KEY, { expiresIn: '365d' });

answered Dec 12 '20 at 19:32

Shubham Kakkar

581
6
4

How to set jwt token expiry time to maximum in nodejs?

5 Answers5

Linked

Related