I recently released @adobe/jwt-auth 0.3.0 which expires the temporary JWT it creates after 5 minutes. This is a security improvement I hope everyone move to.
The JWT token was valid for 24 hours but since we create the bearer token shortly after creating the JWT and the JWT is never re-used it should expire quickly.
How Has This Been Tested?
Generated an auth token, grabbed the JWT and tried to use it after 5 minutes elapsed time. It was rejected.
Screenshots (if appropriate):
Types of changes
[x] Bug fix (non-breaking change which fixes an issue)
[ ] New feature (non-breaking change which adds functionality)
[ ] Breaking change (fix or feature that would cause existing functionality to change)
Description
I recently released @adobe/jwt-auth 0.3.0 which expires the temporary JWT it creates after 5 minutes. This is a security improvement I hope everyone move to.
Related Issue
https://github.com/adobe/jwt-auth/issues/23
Motivation and Context
The JWT token was valid for 24 hours but since we create the bearer token shortly after creating the JWT and the JWT is never re-used it should expire quickly.
How Has This Been Tested?
Generated an auth token, grabbed the JWT and tried to use it after 5 minutes elapsed time. It was rejected.
Screenshots (if appropriate):
Types of changes
Checklist: