figure out a good way to test an expired JWT that doesn't require waiting an hour, since expiration time is set by AWS. maybe just commit a once-valid/now-expired JWT and use that? committing something that's essentially a session token feels a little icky, but an expired token for a dummy user seems not terrible in practice? more practically, i'm not wild about this because i'm not sure if the specific 401 Unauthorized message that comes back will be about expiry, and there are other things that could be invalid about a token that would lead to the test passing by getting that HTTP code back for reasons unrelated to expiry (e.g. invalid signature segment).
figure out a good way to test an expired JWT that doesn't require waiting an hour, since expiration time is set by AWS. maybe just commit a once-valid/now-expired JWT and use that? committing something that's essentially a session token feels a little icky, but an expired token for a dummy user seems not terrible in practice? more practically, i'm not wild about this because i'm not sure if the specific 401 Unauthorized message that comes back will be about expiry, and there are other things that could be invalid about a token that would lead to the test passing by getting that HTTP code back for reasons unrelated to expiry (e.g. invalid signature segment).
see https://github.com/LD4P/sinopia_server/pull/77/files#diff-9c98b1f96912899c02b40c5bb91a07dcR450