Are authentication tokens correctly encoding their expiration time?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I understand that authentication tokens are returned by the API together with an 'expires_at' attribute indicating their expiration time. In addition, the documentation also suggests that this expiration time is encoded within the token itself. However, when I decode one such token, I obtain an 'exp' claim which does not seem to have a correct representation of time. That is, if I interpret the value as an absolute number of milliseconds (since the epoch), then it always gives me a time back in 1970 (that is, the token is always expired). If, on the other hand, I interpret it as a number of milliseconds from 'now', it gives me a time that is in two weeks or so (definitely incorrect). Could somebody please clarify whether the tokens' 'exp' claim is currently encoding the token's expiration time in a meaningful way (and if the answer is yes, then please clarify how)?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My mistake, sorry! I was incorrectly interpreting the value of the 'exp' claim within the auth token. I was assuming a millisecond value in there, but if I interpret it as seconds instead, it works as expected. Sorry for the confusion.