JSON Web Token does not expire

anvarik · May 13, 2014 · Viewed 19.9k times

I just implemented JSON Web Token authentication. On my backend I send the token, which is created by jsonwebtoken, to the client as follows:

var token = jwt.sign(user, secret.secretToken, { expiresInMinutes: 1 });
return res.json({ token: token });

and on the client side I simply store this token in sessionStorage. The thing is that the token does not expire after a minute. Am I missing something?

EDIT: I implemented the same thing that is shown in this post.

Answer

Marius Rumpf · Apr 21, 2015

I found myself having the same problem when not providing an object as the first argument to jwt.sign, e.g. jwt.sign('testuser', secret.secretToken, { expiresIn: '1h' });.

This wrong usage of jwt.sign does work even though it is wrong; it just ignores the provided settings. https://github.com/auth0/node-jsonwebtoken/issues/64

Be sure to provide an object as the first argument, like jwt.sign({user: 'testuser'}, secret.secretToken, { expiresIn: '1h' });

Update: There have been reported problems with usage of non-standard JavaScript objects, such as from mongoose. Version 5.5.2 has a fix for this. More details here. Thanks @gugol for the notice. Make sure you pass a plain object with the properties you need, not a direct database object or similar.
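An issuance-time check for the failure described in this thread, added here as an example and not part of the original question or answer: it decodes a freshly signed token and rejects it if the payload carries no `exp` claim or a lifetime above a policy limit. The names `checkTokenExpiry` and `maxTtlSeconds` are hypothetical, and the sample tokens are constructed with a placeholder signature (the string-payload case is modelled as a payload segment holding the bare string).

```javascript
// Added example: claims inspection only. Signature verification stays with
// the JWT library on the verifying side.

// Decode one base64url segment of a compact JWT to a UTF-8 string.
function decodeSegment(segment) {
  return Buffer.from(segment, 'base64url').toString('utf8');
}

// Returns { ok, reason, ttl } for a compact JWT string.
// maxTtlSeconds is a hypothetical policy limit chosen by the caller.
function checkTokenExpiry(token, maxTtlSeconds, nowSeconds) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'not a compact JWT' };

  let claims;
  try {
    claims = JSON.parse(decodeSegment(parts[1]));
  } catch (err) {
    // A bare string payload such as 'testuser' is not JSON and cannot hold exp.
    return { ok: false, reason: 'payload is not a JSON object' };
  }
  if (claims === null || typeof claims !== 'object' || Array.isArray(claims)) {
    return { ok: false, reason: 'payload is not a JSON object' };
  }
  if (typeof claims.exp !== 'number' || !Number.isFinite(claims.exp)) {
    return { ok: false, reason: 'missing exp claim' };
  }
  const ttl = claims.exp - nowSeconds;
  if (ttl <= 0) return { ok: false, reason: 'already expired' };
  if (ttl > maxTtlSeconds) return { ok: false, reason: 'lifetime exceeds policy' };
  return { ok: true, reason: 'exp present', ttl };
}

// Constructed sample tokens (placeholder signature, fixed clock).
const NOW = 1700000000;
const b64 = (text) => Buffer.from(text, 'utf8').toString('base64url');
const header = b64(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
const sampleToken = (payloadText) => `${header}.${b64(payloadText)}.constructed-signature`;

const stringPayloadToken = sampleToken('testuser');
const noExpToken = sampleToken(JSON.stringify({ user: 'testuser', iat: NOW }));
const oneHourToken = sampleToken(JSON.stringify({ user: 'testuser', iat: NOW, exp: NOW + 3600 }));

for (const token of [stringPayloadToken, noExpToken, oneHourToken]) {
  console.log(checkTokenExpiry(token, 3600, NOW));
}
```

Running a check like this in a unit test around the login route catches a signing call whose expiry option was silently dropped before the tokens reach clients.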