Token isn't expiring
jblandci opened this issue · comments
Jennifer Bland commented
Hello, I have my token setup and all seems working, except they don't expire. Here is how I'm creating the token:
$token = \Yii::$app->jwt->getBuilder()
->identifiedBy('45f1g23a12aa', true)
->issuedBy('https://mysite.com')
->issuedAt($now)
->canOnlyBeUsedAfter($now)
->expiresAt($now->modify('+20 hour'))
->withClaim('uid', $userId)
->getToken(
\Yii::$app->jwt->getConfiguration()->signer(),
\Yii::$app->jwt->getConfiguration()->signingKey()
);
Here is my config.php
'jwt' => [
'class' => 'bizley\jwt\Jwt',
'signer' => \bizley\jwt\Jwt::HS256,
'signingKey' => "mysecret",
'verifyingKey' => "mysecret",
'validationConstraints' => function (\bizley\jwt\Jwt $jwt) {
$signer = $jwt->getConfiguration()->signer();
$pubKey = $jwt->getConfiguration()->signingKey();
return [
new \Lcobucci\JWT\Validation\Constraint\SignedWith($signer, $pubKey),
];
},
],
Was there something else I needed to do to make Yii2 honor the token expiration? I've used the debug tool at https://jwt.io and it says the jwt token is valid so I'm out of ideas. Thanks for any help!
Bizley commented
Check https://github.com/bizley/yii2-jwt/blob/master/INSTRUCTION.md - you would like to add LooseValidAt constraint as well.
Jennifer Bland commented
Thank you! That was it!