javascriptauthenticationjwtauth0password-less

Using JavaScript, how do I check that an Auth0 passwordless session has expired


I'm using Auth0 passwordless authentication for my application which works great. I get a JWT for authentication and pass that in my authorisation header for requests to my API and it works great, however once a token expires I get 401s from my API as expected.

I'd like to be able to pre-empt this in the front end and either make my front-end aware of an expired JWT, or refresh my token without the user having to log in again.

Documentation for Auth0 lock-passwordless hasn't turned up anything


Solution

  • your JWT will probably contain the information in the field exp (expiration time), eg.

    "exp": 1490268359,
    

    You can decode the token on client side, it's base64 encoded JSON. Check it on https://jwt.io/ . The exp field is a unix timestamp in seconds after 1970-01-01 00:00:00 UTC

    check also here: https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4 about exp and other claims in a JWT