JWT Token expired


#1

Hello

I was playing around with ROR and jwt (notably using https://www.jsonwebtoken.io/ for jwt generation) and I found something weird.
When I do change the expiry (exp field) to something which is already expired - like 1 second after emitting - the authentication is still considered valid and I can still access the cluster using the same JWT. Is it a known bug or am I doing something wrong ?

Thank you for the very good product otherwise :slight_smile:


(Simone Scarduzio) #2

Hi @Guigui, thanks for the feedback!
Strange, we have a test about that. Can you share a JWT + key that reproduces this consistently?


#3

Hi @sscarduzio

Actually I made a mistake (computer’s time not synced with my aws instance :confused: ) everything works fine.

My apologies…


(Simone Scarduzio) #4

No worries, welcome to the forum btw :slight_smile: