Session with JWT always defaults to 1hr in spite of adding the env variable ACCESS_TOKEN_VALIDITY

🐛 Bug Report

Session with JWT always defaults to 1hr in spite of adding the env variable ACCESS_TOKEN_VALIDITY=500.

Useful Information

I was testing out the session with JWT enabled and noticed that the JWT expiry always defaults to 1hr in spite of adding the env variable ACCESS_TOKEN_VALIDITY=60 when running the SuperTokens core Docker image.

Below is an example JWT with the invalid expiry date:

{
  "sub": "a4572611-b5e6-45c7-914e-b6c8f8e0bd44",
  "https://hasura.io/jwt/claims": {
    "x-hasura-user-id": "5617",
    "x-hasura-session-id": "d48a0f3c-be0a-49eb-8d80-662432a66753"
  },
  "iss": "http://localhost:3100/api",
  "exp": 1658644557, // This is 1 hr, which is not right based on the access token expiry time.
  "iat": 1658640927
}

and the access token has the right expiry date:

{
  "sessionHandle": "d48a0f3c-be0a-49eb-8d80-662432a66753",
  "userId": "a4572611-b5e6-45c7-914e-b6c8f8e0bd44",
  "refreshTokenHash1": "1e779393c3de296fdcbba172c7c1bd94108c9e0e44b3ab8121705c5885891e86",
   
    "jwt": <Removed  for readability purpose>
    "_jwtPName": "jwt"
  },
  "expiryTime": 1658640986879, //This is like 1 min expiry which is correct based on the env config
  "timeCreated": 1658640928024,
  "lmrt": 1658640928014
}

Issue Analytics

  • State: closed
  • Created a year ago
  • Comments: 6 (2 by maintainers)

Top GitHub Comments

1 reaction
renyijiu commented, Jul 30, 2022

@renyijiu I'm not too sure if this will solve your issue, but try restarting the backend golang server and the core, and creating a new session - then inspect the JWT's lifetime. I am reopening this issue in favour of the one you created.

I found the problem: after changing the configuration and restarting just the core server, the cookie took effect immediately, but the JWT expiration time did not change. It works after restarting the back-end service as well.

If others are experiencing the same problem, they need to restart both core and backend.

1 reaction
doraig commented, Jul 24, 2022

Apologies, I jumped the gun, the issue was with my config and the backend SuperTokens core instance I was connected to. This is not an issue. Re-verified, it works fine.

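A check for the mismatch reported in this thread, as an added example that is not part of the original issue or of the SuperTokens code base: it decodes a JWT payload without verifying the signature (inspection only) and compares its lifetime with the access token's lifetime and the configured validity. The function names, the 5-second tolerance and the sample token are assumptions; the sample is constructed from the timestamps quoted in the report.

```python
import base64
import json


def b64url(data: bytes) -> str:
    """Base64url-encode without padding, as used in compact JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_payload(token: str) -> dict:
    """Decode the payload segment WITHOUT verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected 3 dot-separated segments")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(seg))


def lifetime_report(jwt_token: str, access_payload: dict,
                    configured_s: int, tolerance_s: int = 5) -> dict:
    """Compare both token lifetimes with the configured validity (seconds)."""
    claims = jwt_payload(jwt_token)
    jwt_s = claims["exp"] - claims["iat"]  # JWT claims are in seconds
    # The access token payload shown in the report uses milliseconds.
    access_s = (access_payload["expiryTime"]
                - access_payload["timeCreated"]) / 1000
    jwt_ok = abs(jwt_s - configured_s) <= tolerance_s
    access_ok = abs(access_s - configured_s) <= tolerance_s
    return {
        "jwt_lifetime_s": jwt_s,
        "access_lifetime_s": access_s,
        "jwt_matches_config": jwt_ok,
        "access_matches_config": access_ok,
        # Access token follows the config but the JWT does not:
        # the symptom described in this thread.
        "jwt_lifetime_stale": access_ok and not jwt_ok,
    }


# Constructed sample: header and signature are placeholders, the
# timestamps are the ones quoted in the bug report above.
SAMPLE_JWT = ".".join([
    b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    b64url(json.dumps({"iat": 1658640927, "exp": 1658644557}).encode()),
    b64url(b"constructed-placeholder-signature"),
])
SAMPLE_ACCESS = {"expiryTime": 1658640986879, "timeCreated": 1658640928024}

if __name__ == "__main__":
    print(lifetime_report(SAMPLE_JWT, SAMPLE_ACCESS, configured_s=60))
```

Run it against a freshly created session after each configuration change; a true `jwt_lifetime_stale` means the JWT is still being issued with the old lifetime.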
