obabichev
commented
4 years ago At the current moment, if you don't provide accessTokenExpireKey, the library tries to take exp field from token:
const jwt = JSON.parse(atob(token.split('.')[1]));
if (jwt && jwt.exp && Number.isFinite(jwt.exp)) {
return jwt.exp * 1000; // convert to millisecond
}if I am right exp must be in seconds (NumericDate from rfc7519) RFC 7519
Or there are implementations of JWT which have measurements for the exp field?
I propose to validate the token lifetime depending on exp if it is in minutes, seconds or milliseconds