Token isn't expiring

Question

Token isn't expiring

jblandci opened this issue 2 years ago · comments

Hello, I have my token setup and all seems working, except they don't expire. Here is how I'm creating the token:

$token = \Yii::$app->jwt->getBuilder()
			->identifiedBy('45f1g23a12aa', true) 
			->issuedBy('https://mysite.com')
			->issuedAt($now)
			->canOnlyBeUsedAfter($now)
			->expiresAt($now->modify('+20 hour')) 
			->withClaim('uid', $userId)
			->getToken(
				\Yii::$app->jwt->getConfiguration()->signer(),
				\Yii::$app->jwt->getConfiguration()->signingKey()
			);

Here is my config.php

        'jwt' => [
            'class' => 'bizley\jwt\Jwt',
            'signer' => \bizley\jwt\Jwt::HS256,
            'signingKey' => "mysecret",
            'verifyingKey' => "mysecret",
            'validationConstraints' => function (\bizley\jwt\Jwt $jwt) {
                $signer = $jwt->getConfiguration()->signer();
                $pubKey = $jwt->getConfiguration()->signingKey();
                return [
                    new \Lcobucci\JWT\Validation\Constraint\SignedWith($signer, $pubKey),
                ];
            },
        ],

Was there something else I needed to do to make Yii2 honor the token expiration? I've used the debug tool at https://jwt.io and it says the jwt token is valid so I'm out of ideas. Thanks for any help!

Bizley · Answer 1 · Sat Oct 29 2022 04:24:19 GMT+0800 (China Standard Time)

Check https://github.com/bizley/yii2-jwt/blob/master/INSTRUCTION.md - you would like to add LooseValidAt constraint as well.

Jennifer Bland · Answer 2 · Sat Oct 29 2022 09:10:29 GMT+0800 (China Standard Time)

Thank you! That was it!