kuchaguangjie
commented
2 years ago My bad, it did return 401, I checked the wrong api ... (which is a websocket api, I skipped it for jwt)
Closed kuchaguangjie closed 2 years ago
kuchaguangjie
commented
2 years ago My bad, it did return 401, I checked the wrong api ... (which is a websocket api, I skipped it for jwt)
Seems
expinjwt.MapClaimsis not validated. In my test, after a token expired, it can still be used.I've check the source code of
jwtware.New(), seems there is no whereexpis checked. Or, did I missed something? The token being generated is ok, because I parsed the token and check theexpfield, the value is correct. The desired behavior is that, after the token expired, server should return http code like401.BTW, I tested it in both
v3.2.11andv3.2.12.