jwt check if token expired

node.js express jwt
Andrés Montoya picture Andrés Montoya · Jul 11, 2018 · Viewed 91.2k times · Source

I've configured the token like this:

jwt.sign(
  {
    user: pick(user, ['_id', 'username'])
  },
  secret,
  {
    expiresIn: '2m'
  }
);

But when I want to check if the token was expired, this code doesn't work

function isAuthenticated() {
  const token = localStorage.getItem('token');
  const refreshToken = localStorage.getItem('refreshToken');
  try {
    decode(token);
    const { exp } = decode(refreshToken);
    if (exp < (new Date().getTime() + 1) / 1000) {
      return false;
    }
  } catch (err) {
    return false;
  }
  return true;
}

The problem is this part:

if (exp < (new Date().getTime() + 1) / 1000) {
  return false;
}

new Date().getTime() + 1) / 1000 = 1531335468.113

exp = 1531334595

Because I don't know what format of time uses JWT...

How can I resolve this?

Thank you!

Answer

Andr&#233;s Montoya picture Andrés Montoya · Jul 11, 2018

This is the answer if someone want to know

if (Date.now() >= exp * 1000) {
  return false;
}

Related questions

How to use jti claim in a JWT

The JWT spec mentions a jti claim which allegedly can be used as a nonce to prevent replay attacks: The "jti" (JWT ID) claim provides a unique identifier for the JWT. The identifier value MUST be assigned in a manner …

Read More
Authenticating the request header with Express

I want to verify that all our get requests have a specific token in their authentication header. I can add this to our get endpoints: app.get('/events/country', function(req, res) { if (!req.headers.authorization) { return res.json({ …

Read More
How can I decode a google OAuth 2.0 JWT (OpenID Connect) in a node app?

I'm having a heck of a time here trying to use google OAuth to authenticate users in my node express app. I can successfully do the OAuth, which returns a response like so: { access_token: 'token string', id_token: 'id.…

Read More