Solved: ExpiresIn parameter in generate JWT policy is not ...

musivakumar · 06-04-2019 03:13 PM

Hi,

The below code should generate the JWT which is valid for 1 hour ( I know we can use "1h" for configuring it). But as per the apigee document, if we did not specify the suffix and if it is only number it will be consider as seconds.So I assume that configuring 3600 should make the expiry of the JWT token to 1 hour but it is only setting 30 seconds. any one faced this issue?

"exp": 1559686628

"iat": 1559686625

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <GenerateJWT async="false" continueOnError="false" enabled="true" name="Generate-JWT-1"> <DisplayName>Generate JWT-1</DisplayName> <Algorithm>HS256</Algorithm> <SecretKey> <Value ref="private.key"/> </SecretKey> <Subject>subject-subject</Subject> <Issuer>urn://apigee-edge-JWT-policy-test</Issuer> <Audience>audience1,audience2</Audience> <ExpiresIn>3600</ExpiresIn> <AdditionalClaims> <Claim name="additional-claim-name" type="string">additional-claim-value-goes-here</Claim> </AdditionalClaims> <OutputVariable>jwt-variable</OutputVariable> </GenerateJWT>

sidd-harth

It is not working as described in the docs.

Ideally, the below config should expire the token in 6 seconds but I was able to verify the token for more than 6 seconds,

<ExpiresIn>6</ExpiresIn>

When I added the time unit seconds, it is working fine, the token expires in 6 seconds,

<ExpiresIn>6s</ExpiresIn>

SO I would recommend you to use the timeunit till this is resolved.

++ @Dino-at-Google

View solution in original post

sidd-harth

It is not working as described in the docs.

Ideally, the below config should expire the token in 6 seconds but I was able to verify the token for more than 6 seconds,

<ExpiresIn>6</ExpiresIn>

When I added the time unit seconds, it is working fine, the token expires in 6 seconds,

<ExpiresIn>6s</ExpiresIn>

SO I would recommend you to use the timeunit till this is resolved.

++ @Dino-at-Google

ExpiresIn parameter in generate JWT policy is not as per docs?