|
|
|
|
|
|
by knz
3478 days ago
|
|
|
> Add an "expires" field to the token, this should contain a date after which the token is no longer valid. Now all token s auto-invalidate after a certain period. Doesn't JWT already have this - "exp" is a reserved claim for expiration time? https://tools.ietf.org/html/rfc7519#section-4.1.4 4.1.4. "exp" (Expiration Time) Claim The "exp" (expiration time) claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing. The processing of the "exp" claim requires that the current date/time MUST be before the expiration date/time listed in the "exp" claim. |
|
|