What is the timezone / jwt expiration that is being passed into the token?

pallets-eco / flask-jwt

JWT (JSON Web Tokens) for Flask applications

MIT License

564 stars 178 forks source link

What is the timezone / jwt expiration that is being passed into the token? #89

Open rlam3 opened 8 years ago

rlam3 commented 8 years ago

What is the timezone / jwt expiration that is being passed into the token?

I'm having trouble with validating the expiration date on a swift app end. The swift app side says it is expired even when it was just recently updated.

dequis commented 8 years ago

From the docs:

JWT_EXPIRATION_DELTA - A datetime.timedelta value indicating how long tokens are valid for. This value is added to the iat (issued at) claim. Defaults to timedelta(seconds=300)

Check your clock.

rlam3 commented 8 years ago

@dequis Thanks. So this is based on UTC time correct? Not on my machine's. Also another question is, what is the recommended time delta for the expiration? How often should there be the user need a new token?

stone7890 commented 8 years ago

view flask-jwt, i see this line.

iat = datetime.utcnow()

rlam3 commented 8 years ago

@stone7890 Thanks! Do you know if we should be storing these jwt in a backend? And also, about how long should a jwt expire?