In jsonwebtoken
, the option ignoreExpiration
can be used as below for HS256:
const jwt = require("jsonwebtoken");
const decoded = await jwt.verify(jwt_token, process.env.jwtPrivateKey,
{ignoreExpiration: true});
Now the app is migrating to node-jose 2.0.9
. Is ignoreExpiration
still a valid option in node-jose
as well?
const jose = require('node-jose');
const decoded = await jose.JWT.createVerify(pubkey, {ignoreExpiration: true,
algorithms: ['EdDSA']}).verify(jwt_token); //Is ignoreExpiration valid here?
node-jose
is for general JOSE constructs, it does not support the JWT Claim Set validations like exp
, iat
, iss
, aud
, etc.
Therefore ignoreExpiration
is not a valid option for any of the node-jose
APIs.
You can of course refer to node-jose
documentation to see there's no mention of any such option.