gpt4 book ai didi

javascript - jwt.verify() 在过期时间为 24h 时返回 jwt expired

转载 作者:行者123 更新时间:2023-12-04 13:01:25 29 4
gpt4 key购买 nike

我用了jwt创建 token :

const jwt = require('jsonwebtoken');
const token = jwt.sign({
filePath: "path/to/file"
}, 'secretKey', {
expiresIn: "24h"
});
try {
console.log(token)
var decoded = jwt.verify(token, 'secretKey');
} catch(err) {
console.log(err)
}

jwt.header:
{
"alg": "HS256",
"typ": "JWT"
}

有效载荷:
{
"filePath": "path",
"iat": 1557833831,
"exp": 1557920231
}

当我在我的真实应用程序中测试上面提到的代码片段时,我收到一条错误消息:
jwt expired

使用 jwt debugger , token 有效,应在 24 小时后过期。 verify() 返回的错误它检查到期。 jwt如何检查过期?或者它不检查它?

最佳答案

所以既然问题是,jwt如何检查过期日期,它基本上取决于可以根据JWT RFC实现的一些属性。
一个是 exp .如果 token 在当前日期时间之前过期,则无法处理 JWT

The "exp" (expiration time) claim identifies the expiration time onor after which the JWT MUST NOT be accepted for processing. Theprocessing of the "exp" claim requires that the current date/timeMUST be before the expiration date/time listed in the "exp" claim.


Implementers MAY provide for some small leeway, usually no more thana few minutes, to account for clock skew. Its value MUST be a numbercontaining a NumericDate value. Use of this claim is OPTIONAL.


另一个需要注意的是 iat , 代表发行于

The "iat" (issued at) claim identifies the time at which the JWT wasissued. This claim can be used to determine the age of the JWT. Itsvalue MUST be a number containing a NumericDate value. Use of thisclaim is OPTIONAL.


据我所知,可用于时间验证的最后一个是 nbf , 代表不在之前

The "nbf" (not before) claim identifies the time before which the JWTMUST NOT be accepted for processing. The processing of the "nbf"claim requires that the current date/time MUST be after or equal tothe not-before date/time listed in the "nbf" claim. Implementers MAYprovide for some small leeway, usually no more than a few minutes, toaccount for clock skew. Its value MUST be a number containing aNumericDate value. Use of this claim is OPTIONAL.


现在,对于手头的代码,我没有看到任何内容,具有以下设置,这对我来说非常好
const jwt = require('jsonwebtoken');

const token = jwt.sign( {
hello: 'world'
}, 'myverysecretkey', {
expiresIn: '24h'
});

try {
const verify = jwt.verify( token, 'myverysecretkey' );
console.log( verify );
} catch (err) {
console.error( err );
}
这将输出
Object {hello: "world", iat: 1557840459, exp: 1557926859}
这可以在 codesandbox 上进行验证关联

关于javascript - jwt.verify() 在过期时间为 24h 时返回 jwt expired,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56130022/

29 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com