Suggestion: The token contains the time stamp for start and end ('iat': 1621506724, 'exp': 1621507624) of token validation, this can help in invalid token check without calling the beneficiary api everytime

use pyjwt
Also this will allow to regenerate the otp automatically just before expiration (if auto is selected)

Oh I dint know about this. Thank you!

Hi @aascagarwal - Did you decode the JWT? I seem to be running into InvalidSignatureError

If you're on Discord, could we have a quick chat sometime? ID: pallupz#5726

jwt.decode(token, options={"verify_signature": False})

algorithm?

oh wait.. got it

decoded = jwt.decode(token, options={"verify_signature": False})
print(decoded)
mobile = str(decoded['mobile_number'])
startTime = datetime.datetime.fromtimestamp(decoded['iat'])
d1 = (datetime.datetime.now() + datetime.timedelta(minutes=15)).replace(microsecond = 0)
print(d1)
print(startTime)

    difference = (d1 - startTime).total_seconds() / 60
    print(difference)

when I encode it back, I am not getting the same result

that's because, you need the signature..
you can put the expiration logic as intended, this was just a dummy I wrote to verify.
Relying on the this might be an issue, as cowin now logs out abruptly if any other session is working or number of requests are more, hence beneficiary check would still be a better fail safe

yea.. so at the moment, we can at best only predict when this will expire?

no way to generate the next token, I assum

I have not tried that, but mostly no

yea - I tried with different things for keys, but nothing has worked so far. and that'd be a dumb design anyway. was hoping maybe devs made a mistake somewhere.