-
Notifications
You must be signed in to change notification settings - Fork 428
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
JWT token that doesn't supply expiration is assumed as valid #335
Comments
Need more information for this to be actionable. Can you provide a sample of where you think this is an issue? AFAICT non-expiring JWTs are allowed (although strongly discouraged) and it's not clear what, if any, changes should be made to the library. |
Sure thing, the Would be great that in case a different expiration attribute is supplied by a system it could be at least supplied as configuration |
When a token response does not supply the current detected attributes for token expiration (
expires_in_sec
,expires_in
,expires
) the token is assumed to be valid.The text was updated successfully, but these errors were encountered: