Geek Answers Handbook

Cannot set Exp and Iat for JWT correctly

I am a little puzzled by this. I am trying to install a valid JWT. I am using node.js with jsonwebtoken middleware. I followed the documentation located on the repo ( located here ), but I continue to make mistakes in the work of Exp and Iat. Obviously, I would like to get this right so that I do not authorize the JWT, which has expired.

As a test, I have the following code:

var token = jwt.sign({"id": user._id}, configGeneral.JWT, { expiresIn: '1h' }); var decoded = jwt.decode(token, configGeneral.JWT); var d1 = new Date(decoded.exp); var d2 = new Date(decoded.iat); console.log(decoded); console.log(d1); console.log(d2);

The result of this:

 { id: '56253091fe0397c80133f3e4', iat: 1445714161, exp: 1445717761 } Sat Jan 17 1970 19:35:17 GMT+0200 (South Africa Standard Time) Sat Jan 17 1970 19:35:14 GMT+0200 (South Africa Standard Time)

How to get a timestamp so as not to reflect the era of javascript, but rather time in an hour? (for iat and exp.)

+8
javascript jwt json-web-token
source share
2 answers

Based on what Krzysztof Sztompka published, I could get Ext to show the correct expiration date. (my initial requirement was for 1 hour in the future)

In order to track changes compared to previous errors, I will not update the code above, so here is what I changed:

 var d = new Date(); var calculatedExpiresIn = (((d.getTime()) + (60 * 60 * 1000)) - (d.getTime() - d.getMilliseconds()) / 1000); var token = jwt.sign({"id": user._id}, configGeneral.JWT, { expiresIn: calculatedExpiresIn });

Now the .log console will show that Ext the way I wanted, now + 1 hour.

In order for Iat to display the correct date (after setting it in the sign function, and then checking the health in the decode function), I had to set it as part of the payload. I got my answer here

So, in order to display Iat correctly, I added it to the payload, as shown here:

 var token = jwt.sign({"id": user._id, "iat": (new Date().getTime())}, configGeneral.JWT, { expiresIn: calculatedExpiresIn });

This gives the conclusion:

 { id: '56253091fe0397c80133f3e4', iat: 1445763099706, exp: 1445766699705 } Sun Oct 25 2015 11:51:39 GMT+0200 (South Africa Standard Time) Sun Oct 25 2015 10:51:39 GMT+0200 (South Africa Standard Time)

This is an unencrypted JWT that I will pass on to users when they have successfully logged in and will allow me to check whether the JWT should pass, since every future request is still valid and has not expired.

+2
source share

It:

 new Date().getTime()

gives you time in milliseconds. But the time in the jwt token (iat, exp) is in seconds, so we must divide the result by 1000.

 var actualTimeInSeconds = new Date().getTime()/1000;

How to get some time in seconds:

 (new Date().getTime() + someTimeInSeconds * 1000)/1000

If you need 1 hour:

 (new Date().getTime() + 60 * 60 * 1000)/1000

because 1h = 60 min * 60 s

And at the moment you have the time in seconds from the jwt token and the estimated time in seconds. You should only compare these values.

It is in your situation that you must compare the time of the jwt token with the actual time in seconds. If the expiration time of the jwt token is longer than the actual time, it means that it is still valid. From jwt token docs:

Processing an exp application requires that the current date / time MUST be before the expiration date / time specified in the exp application.

Edit:

To get the coorect date from iat, multiply the value by 1000 and add to the new Date constructor:

 new Date(iat*1000)
+10
source share

More articles:


All Articles