josenode-jose

Is options ignoreExpiration still valid in node-jose?


In jsonwebtoken, the option ignoreExpiration can be used as below for HS256:

const jwt = require("jsonwebtoken");
const decoded = await jwt.verify(jwt_token, process.env.jwtPrivateKey,
    {ignoreExpiration: true});

Now the app is migrating to node-jose 2.0.9. Is ignoreExpiration still a valid option in node-jose as well?

const jose = require('node-jose');
const decoded = await jose.JWT.createVerify(pubkey, {ignoreExpiration: true,
    algorithms: ['EdDSA']}).verify(jwt_token); //Is ignoreExpiration valid here?

Solution

  • node-jose is for general JOSE constructs, it does not support the JWT Claim Set validations like exp, iat, iss, aud, etc.

    Therefore ignoreExpiration is not a valid option for any of the node-jose APIs.

    You can of course refer to node-jose documentation to see there's no mention of any such option.