How to validate access token that expired? #517

Closed
@jcubic

It seems that the library changed the way it checks for expired tokens from manual handling to throwing exceptions. And now you can put a random JWT token as an expired token if you obtain a refresh token. I think this is a huge flaw in the library.

I wanted to validate that all data are there and manually check if the token expired so I can confirm that the old token was valid when it was valid and it's not a random token.

Because you can't validate expired tokens, both access and refresh tokens need to have the exact same claims because you can't recreate a new access token based on an old one.
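
An added illustration, not part of the original issue and not the library's code: one way to accept an expired access token only after its signature has been verified, with expiry handled as a separate, bounded check. It assumes HS256 tokens; the function names, the `grace` parameter and the sample key are hypothetical.

```python
import base64
import hashlib
import hmac
import json

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build an HS256 token (used here only to construct sample input)."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def verify_allow_expired(token: str, key: bytes, now: float, grace: int):
    """Return (claims, expired). Raise ValueError unless the token is
    authentic and expired no more than `grace` seconds ago."""
    try:
        head, body, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm; never let the token header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    # Signature first: nothing in the payload is trusted before this passes.
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)):
        raise ValueError("missing exp claim")
    # Expiry is a separate decision, bounded so old tokens cannot be replayed forever.
    if now - exp > grace:
        raise ValueError("expired beyond grace window")
    return claims, now >= exp

if __name__ == "__main__":
    KEY, NOW = b"constructed-demo-key", 1_700_000_000  # constructed sample values
    old = sign_hs256({"sub": "user-1", "exp": NOW - 60}, KEY)
    print(verify_allow_expired(old, KEY, NOW, grace=3600))
```

A refresh endpoint built this way rejects a random or forged token presented as the "expired" one, because the signature check runs regardless of the `exp` value.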
