dwyl / auth-mvp

:key: Prototype Authentication Service
https://auth-mvp.herokuapp.com/

Verify jwt expiration time #13

Open SimonLab opened 4 years ago

SimonLab commented 4 years ago

While using the authentication service I noticed the application sometimes returns an unauthorized response.

see https://github.com/dwyl/auth-mvp/blob/48c5450f1abbc635e00a8fffe4f4516efe3c1815/lib/auth_mvp_web/controllers/google_auth_controller.ex#L24

SimonLab commented 4 years ago

From the Joken documentation, the jwt created by the library has an expiration time of 2h:

Looking at how we can increase this value

iteles commented 4 years ago

I've noticed this a lot. When I go to stop a timer after more than half an hour (I haven't tried this for intervals smaller than 30 minutes), I usually always get an unauthorised response.

This forces me to log out and log in again before I can use the app.


SimonLab commented 4 years ago

It's strange that in your case it happens around 30 min. I've checked my current jwt with https://jwt.io/ and I can see that the issued at and expiration time values define a 2h gap:

```
{
  "exp": 1585051258, # expiration time value using unix epoch format
  "iat": 1585044058  # issued at
}
```

I'm going to create a PR soon to define the expiration time to 1 year. We'll then be able to test the jwt and see whether it might be other claims that invalidate your jwt.

nelsonic commented 4 years ago

I logged in with GitHub Auth and created a few items with timers. When I got back to my desk after a spot of gardening, the app was blank.

When I visit the / (root route): https://app-mvp-elm.herokuapp.com

But when I visit https://app-mvp-elm.herokuapp.com/capture I see the same "Access not authorised" seen by @iteles above.

Suspect there is still an issue with the JWT? 🤔

SimonLab commented 4 years ago

I've checked the documentation again on how to define a new expiration time, and instead of the keyword `exp` I needed to use `default_exp`:

see https://hexdocs.pm/joken/Joken.Config.html#default_claims/1
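As an added example (not code from dwyl/auth-mvp or from anyone in this thread), the following Joken 2 token module sets the lifetime through the `default_exp` option of `Joken.Config.default_claims/1` discussed in the two comments above, and then repeats the `exp`/`iat` check that was done by hand on jwt.io. The module name, the HS256 secret, the `sub` claim and the one-year lifetime are assumptions for the demo; a real app takes the signer from `config :joken, default_signer: ...`.

```elixir
# Added example, not part of the auth-mvp repository.
# Assumes Joken 2.x ({:joken, "~> 2.0"} in mix.exs).
defmodule AuthExample.Token do
  use Joken.Config

  # One year in seconds. When :default_exp is not given, Joken's
  # default_claims/1 uses 2 hours (7200 s), which is the gap seen on jwt.io.
  @one_year 60 * 60 * 24 * 365

  @impl true
  def token_config do
    # The lifetime option is :default_exp. A key named :exp is not one of
    # default_claims/1's options, so passing it leaves the 2 h default in place.
    default_claims(default_exp: @one_year)
  end
end

# Constructed signer for the demo only; never hard-code a real secret.
signer = Joken.Signer.create("HS256", "example-secret-do-not-use")

# Generate a token carrying one extra claim ("sub" is an assumption here).
{:ok, token, _claims} =
  AuthExample.Token.generate_and_sign(%{"sub" => "user-1"}, signer)

# Same check as pasting the token into jwt.io: read the claims without
# verifying the signature and compare issued-at with expiration.
{:ok, %{"exp" => exp, "iat" => iat}} = Joken.peek_claims(token)
IO.puts("token lifetime in seconds: #{exp - iat}")

# Full verification: signature plus the exp/iat/nbf validations that
# default_claims/1 installs. An expired token comes back as {:error, ...}.
case AuthExample.Token.verify_and_validate(token, signer) do
  {:ok, claims} -> IO.inspect(claims, label: "valid")
  {:error, reason} -> IO.inspect(reason, label: "rejected")
end
```

Run it with `mix run path/to/file.exs` inside a project that depends on Joken; the printed lifetime should equal `@one_year` (`iat` and `exp` are generated separately, so a clock tick between them can add a second). A one-year `default_exp` is useful for confirming that `exp` is what produces the unauthorized responses, but a bearer token that long cannot be invalidated by expiry if it leaks, so the value to ship is a short lifetime plus a refresh or server-side revocation mechanism.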