I've configured the token like this:
// Sign a token whose payload carries only the user's _id and username.
// A signed JWT's payload is base64url-encoded, not encrypted: anyone holding
// the token can read these claims, so keep sensitive fields out of it.
// `expiresIn: '2m'` asks for a two-minute lifetime (assuming this is the
// jsonwebtoken package, the resulting `exp` claim is in seconds since the
// Unix epoch, which matches the `exp` value quoted further down the page).
jwt.sign({ user: pick(user, ['_id', 'username']) }, secret, { expiresIn: '2m' });
But when I want to check if the token was expired, this code doesn't work:
/**
 * Client-side check of whether the stored session still looks usable.
 *
 * Reads `token` and `refreshToken` from localStorage, requires both to be
 * decodable, and compares the refresh token's `exp` claim with the current time.
 *
 * NOTE(review): `decode` presumably parses the token without verifying its
 * signature (confirm against the library in use). If so, this result is only
 * good for UI decisions such as redirecting to a login page; the server must
 * still verify every token it receives.
 *
 * @returns {boolean} `false` if either token fails to decode or the refresh
 *   token's `exp` is in the past; `true` otherwise, including when the refresh
 *   token carries no `exp` claim at all.
 */
function isAuthenticated() {
  const accessToken = localStorage.getItem('token');
  const storedRefreshToken = localStorage.getItem('refreshToken');

  try {
    // The access token only has to be decodable; its own expiry is not checked here.
    decode(accessToken);

    const refreshExpiry = decode(storedRefreshToken).exp;
    // `exp` is in seconds, Date.now() in milliseconds, so bring "now" down to seconds.
    const nowInSeconds = (Date.now() + 1) / 1000;

    // A missing `exp` makes the comparison false, so such a token passes this check.
    return !(refreshExpiry < nowInSeconds);
  } catch (err) {
    // Any decoding failure (missing or malformed token) counts as not authenticated.
    return false;
  }
}
The problem is this part:
// Both sides of this comparison are in seconds: a JWT `exp` claim is seconds
// since the Unix epoch, and getTime() returns milliseconds, hence the / 1000.
// With the values quoted on this page (now = 1531335468.113, exp = 1531334595)
// `exp` is about 873 seconds in the past, so this branch returns false.
if (exp < (new Date().getTime() + 1) / 1000) {
  return false;
}
(new Date().getTime() + 1) / 1000 = 1531335468.113
exp = 1531334595
Because I don't know what format of time JWT uses...
How can I resolve this?
Santiago Trujillo
This is the answer:
// `exp` is in seconds since the Unix epoch while Date.now() is in milliseconds,
// so scale `exp` up before comparing. The token counts as expired from the
// instant `exp` is reached.
// NOTE(review): an `exp` obtained by decoding without signature verification
// is only suitable for client-side UI decisions.
if (Date.now() >= exp * 1000) {
  return false;
}
You should use jwt.verify. It will check if the token is expired.
jwt.decode should not be used if the source is not trusted, as it only decodes the payload and doesn't check whether the token is valid (the signature is not verified).
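Function without the jwt library (it only reads the exp claim and does not verify the signature, so use the result as a client-side hint, not as an authorization decision):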
Browser
/**
 * Reports whether a JWT's `exp` claim has been reached, using browser APIs only.
 *
 * The payload is decoded, not verified: the signature segment is never looked
 * at, so the answer is only suitable for client-side decisions such as when to
 * request a fresh token.
 *
 * @param {string} token - Compact JWT (`header.payload.signature`).
 * @returns {boolean} `true` once the current time has reached `exp`; `false`
 *   otherwise, including when the payload has no `exp` claim.
 * @throws {Error} If the token has no payload segment, or the payload is not
 *   valid base64 / UTF-8 / JSON.
 */
function isTokenExpired(token) {
  const [, payloadSegment] = token.split(".");

  // JWT segments use the base64url alphabet; atob() expects standard base64.
  const standardBase64 = payloadSegment.replace(/-/g, "+").replace(/_/g, "/");

  // atob() returns one character per byte. Percent-encode every byte and let
  // decodeURIComponent() reassemble the UTF-8 text.
  const percentEncoded = Array.from(
    atob(standardBase64),
    (byteChar) => `%${byteChar.charCodeAt(0).toString(16).padStart(2, "0")}`
  ).join("");

  const claims = JSON.parse(decodeURIComponent(percentEncoded));

  // `exp` is in seconds, Date.now() in milliseconds.
  return Date.now() >= claims.exp * 1000;
}
Or simpler
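/**
 * Compact browser check of whether a JWT's `exp` claim has been reached.
 *
 * The payload is decoded, not verified: the signature is never checked, so the
 * result is a client-side hint only. Non-ASCII string claims are not
 * UTF-8-decoded here; only `exp` is read.
 *
 * @param {string} token - Compact JWT (`header.payload.signature`).
 * @returns {boolean} `true` once the current time (in whole seconds) has
 *   reached `exp`; `false` otherwise, including when `exp` is absent.
 * @throws {Error} If the token has no payload segment, or the payload is not
 *   valid base64 / JSON.
 */
function isTokenExpired(token) {
  // JWT segments use the base64url alphabet. atob() rejects "-" and "_", so
  // map them back to "+" and "/" before decoding; otherwise some perfectly
  // valid tokens would make this function throw.
  const payloadBase64 = token.split('.')[1].replace(/-/g, '+').replace(/_/g, '/');
  const expiry = JSON.parse(atob(payloadBase64)).exp;

  // `exp` is in seconds, so compare against the current time in seconds.
  return Math.floor(Date.now() / 1000) >= expiry;
}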
Or a one-liner:
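/**
 * One-expression browser check of whether a JWT's `exp` claim has been reached.
 *
 * Decodes the payload without verifying the signature, so the result is a
 * client-side hint only.
 *
 * @param {string} token - Compact JWT (`header.payload.signature`).
 * @returns {boolean} `true` once Date.now() has reached `exp` (converted to
 *   milliseconds); `false` otherwise, including when `exp` is absent.
 * @throws {Error} If the token has no payload segment, or the payload is not
 *   valid base64 / JSON.
 */
const isTokenExpired = (token) =>
  Date.now() >=
  // base64url -> base64 first: atob() rejects the "-" and "_" characters that
  // valid JWT payloads may contain.
  JSON.parse(atob(token.split('.')[1].replace(/-/g, '+').replace(/_/g, '/'))).exp * 1000;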
Node.js
/**
 * Reports whether a JWT's `exp` claim has been reached, using Node.js Buffer.
 *
 * The payload is decoded, not verified: the signature segment is ignored, so
 * this must not stand in for signature verification when the token comes from
 * an untrusted source.
 *
 * @param {string} token - Compact JWT (`header.payload.signature`).
 * @returns {boolean} `true` once Date.now() has reached `exp` (converted to
 *   milliseconds); `false` otherwise, including when `exp` is absent.
 * @throws {Error} If the token has no payload segment or the payload is not
 *   valid JSON.
 */
function isTokenExpired(token) {
  const [, payloadSegment] = token.split('.');

  // Node's 'base64' decoder also accepts the URL-safe alphabet used by JWTs,
  // so no character replacement is needed; toString() decodes the bytes as UTF-8.
  const claims = JSON.parse(Buffer.from(payloadSegment, 'base64').toString());

  // `exp` is in seconds, Date.now() in milliseconds.
  return Date.now() >= claims.exp * 1000;
}
Or a one-liner:
/**
 * Node.js check of whether a JWT's `exp` claim has been reached.
 *
 * Decodes the payload without verifying the signature, so it must not stand in
 * for signature verification when the token comes from an untrusted source.
 *
 * @param {string} token - Compact JWT (`header.payload.signature`).
 * @returns {boolean} `true` once Date.now() has reached `exp` (converted to
 *   milliseconds); `false` otherwise, including when `exp` is absent.
 * @throws {Error} If the token has no payload segment or the payload is not
 *   valid JSON.
 */
const isTokenExpired = (token) => {
  // The second dot-separated segment is the payload; toString() decodes it as UTF-8.
  const payloadJson = Buffer.from(token.split('.')[1], 'base64').toString();
  const { exp } = JSON.parse(payloadJson);

  // `exp` is in seconds, Date.now() in milliseconds.
  return Date.now() >= exp * 1000;
};