node-jsonwebtoken: Expiration doesn't work

➜  backend git:(user-auth) ✗ node
> var j= require('jsonwebtoken');
undefined
> j.sign('test', 'test', {expiresInMinutes:1});
invalid "expiresInMinutes" option for string payload
jsonwebtoken: expiresInMinutes and expiresInSeconds is deprecated. ()
Use "expiresIn" expressed in seconds.
'eyJhbGciOiJIUzI1NiJ9.dGVzdA.2WmFS_EAdYFCBOFM9pVPo9g4bpuI2I9U_JGTCfrx7Tk'
> j.sign('test', 'test', {expiresIn:60});
invalid "expiresIn" option for string payload
Error: "expiresIn" should be a number of seconds or string representing a timespan eg: "1d", "20h", 60
    at Object.JWT.sign (/Users/joehenry/meals/backend/node_modules/jsonwebtoken/index.js:109:13)
    at repl:1:3
    at REPLServer.defaultEval (repl.js:252:27)
    at bound (domain.js:287:14)
    at REPLServer.runBound [as eval] (domain.js:300:12)
    at REPLServer.<anonymous> (repl.js:417:12)
    at emitOne (events.js:82:20)
    at REPLServer.emit (events.js:169:7)
    at REPLServer.Interface._onLine (readline.js:210:10)
    at REPLServer.Interface._line (readline.js:549:8)
> 

Am I doing something wrong?

About this issue

  • Original URL
  • State: closed
  • Created 8 years ago
  • Comments: 20 (5 by maintainers)

Commits related to this issue

Most upvoted comments

I was getting this error, and it had nothing to do with the options I was passing or anything to do with the expiresIn option. Like what @alikarimii was saying, the payload you are signing needs to be an Object. WRONG: jwt.sign(user.id, secret, { expiresIn: 60 * 60, algorithm: 'HS256'}) GOOD: jwt.sign({ uid: user.id }, secret, { expiresIn: 60 * 60, algorithm: 'HS256'})

expiresInMinutes was deprecated, you should use expiresIn: '5m' for instance.

Where did you saw that so we can update?

@michaeloryl yes, if you use an string payload expiresIn is ignored. You should use an object instead.

@kamilbrzezinski JWT is JSON Web Token, the exp field is an standard claim and is part of the json.

an string is a valid json:

> JSON.stringify("foo")
'"foo"'
> JSON.parse(JSON.stringify("foo")) === 'foo'
true

but a string can’t have a property… it will be the equivalent to something like this:

> var a = "foo"
> a.exp = 12333
> JSON.stringify(a)
'"foo"'

Besides the fact that you can’t add a property to an string in javascript, there is not a representation in JSON of an string with a property.

I was getting a deprecation for expiresInMinutes so changed to expireIn, and am still getting similar. var token = jwt.sign(escaped, config.secret, { expiresIn: '5h' }); and var token = jwt.sign(escaped, config.secret, { expiresIn: 60*60*5 }); both resulted in the error

invalid "expiresIn" option for string payload
Error: "expiresIn" should be a number of seconds or string representing a timespan eg: "1d", "20h", 60

Thanks @michaeloryl I think the error message should be more explicit… I lost a couple of hours here also

It looks like the issue is exactly what the warning is. You can’t put an expiration on a string payload. It throws a warning about it then continues to fall through and attempt to set payload.exp (but payload is a string), then sees that payload.exp is undefined so assumed you passed something poorly instead of ignoring the invalid option.

for me ,this error occurs because payload is string. pass object like this to sign function let payload ={test: 'test string'}

if I set the expiry as { expiresIn : ‘365d’ } , so should i be assured it will last for 1 year

So instead of using this in my code:

return done(err, status, jwt.sign(JSON.stringify(jsonToken), config.secret, {expiresIn: '10h'}));

I instead have to use this?

return done(err, status, jwt.sign(jsonToken, config.secret, {expiresIn: '10h'}));

Is that what we’re looking at here? This has been driving me crazy because no matter what I did with the expires time, it failed. And it didn’t fail on all environments where the application was running.