0

I have an app that uses Laravel/Lumen and its Auth guard JWT tokens for login.

I send a request to 

  http://myserver.com/authenticate

and I get a token in response.

Then when I use this token in subsequent requests

  http://myserver.com/users

with the token in the header

  Authorization  :  Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJpc3MiOiJjbG96ZXJ0b29sc1YyIiwianRpIjoiNTBiMjE1MjllZGIxMmI4OGJlYTJmOTQxMTViNjc2NmYiLCJpYXQiOjE1MzY1NTU3NzEsIm5iZiI6MTUzNjU1NTc3NiwiZXhwIjoxNTM2NTcwOTc2LCJkYXRhIjp7ImVtYWlsIjoia3lsZWtvb3BtYW5AZ21haWwuY29tIiwiYXZhdGFyIjoiIiwiZmlyc3RfbmFtZSI6Ikt5bGUiLCJsYXN0X25hbWUiOiJLb29wbWFuIiwiaWQiOjMzNH0sInN1YiI6MzM0fQ.p20K56BW0c_J-xlk9gV6wDFafxgNuKUOmgk-4ExKhh9qPw79R0bpm-QbnVQFtYlatB_MjLYK1NdUt5GlGaOE9w

The request obviously usually comes back with a 200, (on my local server anyways) However, on my production server all subsequent requests with the provided token come back with a 401 / Unauthorized

All the settings are the same on both servers.

I have this in my .env on both my production server, and local server.

 JWT_KEY=yUyg2oo3M2N0Lf0CnsbG1ztsL1ovA70K
 JWT_EXPIRE_AFTER=15200
 JWT_ISSUER=mysite
 JWT_ID_FIELD=id
 JWT_NBF_DELAY=25
 DB_TIMEZONE=+00:00
 APP_TIMEZONE=UTC

My assumption is that it has something to do with expiry and/or server time.
Like I think that the token is coming back already expired, therefore on the subsequent request it is invalid.

Am I correct in thinking this is where the issue lies? And how do I go about fixing it/testing it?

Kylie
  • 11,421
  • 11
  • 47
  • 78

1 Answers1

0

You can visit https://jwt.io and paste your token into the encoded field to get back the expire date and check then in the developer console

const currentTime = Date.now() / 1000

if( exp < currentTime) {
  // is expired
}

I have something like this in my code:

const checkExpiredJwtDate = token => {
  const base64Url = token.split('.')[1];
  const base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');
  const jwtObject = JSON.parse(window.atob(base64))
  const currentTime = Date.now() / 1000;
  if (jwtObject.exp < currentTime) {
    // is expired...
  }
};

How to decode jwt token in javascript