Layer7 API Management

 View Only
  • 1.  Validating JWT Expiration

    Posted Jul 22, 2019 09:15 AM
    Hello,

    I have an API that is generating a JWT token, and it is working correctly, im using the assertion "Encode JWT".
    My problem is when other API need to decode and validate this JWT, using "Decode JWT" assertion, i can decode and validate the signature correctly, but i cant validate expiration of this token, can anyone help me with that problem?


  • 2.  RE: Validating JWT Expiration
    Best Answer

    Posted Jul 22, 2019 04:01 PM
    JWT alone does not expire.
    Usually the field exp keeps the expiration timestamp.
    So you need to extract this field and use a compare assertion to check validity.

    ------------------------------
    Sr. Consultant Services
    HCL Enterprise Studio
    ------------------------------