You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
bug: When we use the jwt-auth plugin, no matter how much the exp in the payload is set to, the actual token expiration time will be the current time + the default expiration time (1 day)
#11650
Closed
fanyu-byte opened this issue
Oct 15, 2024
· 2 comments
When we use the jwt-auth plugin, no matter how much the exp in the payload is set to, the actual token expiration time will be the current time + the default expiration time (1 day)
Expected Behavior
the token expiretime should same as which i configed in the payload
The exp used in the API for issuing tokens on the data plane comes from the plugin configuration, not specified in the payload, so this issue is expected.
In the latest code of Apache APISIX, the JWT signature function has been removed. You can use a third-party tool to generate a signature and verify it in the API gateway.
Current Behavior
When we use the jwt-auth plugin, no matter how much the exp in the payload is set to, the actual token expiration time will be the current time + the default expiration time (1 day)
Expected Behavior
the token expiretime should same as which i configed in the payload
Error Logs
No response
Steps to Reproduce
start apisix and jwt-plugin
generage jwt-token and write payload contains exp , such as
curl -G --data-urlencode 'payload={"uid":10000,"uname":"test","exp":1728976481}' http://127.0.0.1:9080/apisix/plugin/jwt/sign?key=merchant-key
Parse the token to check the exp and see if it is consistent with the expectation.
Environment
apisix version
): 3.10.0uname -a
): wsl2.0openresty -V
ornginx -V
):curl http://127.0.0.1:9090/v1/server_info
):luarocks --version
):The text was updated successfully, but these errors were encountered: