node-jsonwebtoken: Expiration doesn't work
➜ backend git:(user-auth) ✗ node
> var j= require('jsonwebtoken');
undefined
> j.sign('test', 'test', {expiresInMinutes:1});
invalid "expiresInMinutes" option for string payload
jsonwebtoken: expiresInMinutes and expiresInSeconds is deprecated. ()
Use "expiresIn" expressed in seconds.
'eyJhbGciOiJIUzI1NiJ9.dGVzdA.2WmFS_EAdYFCBOFM9pVPo9g4bpuI2I9U_JGTCfrx7Tk'
> j.sign('test', 'test', {expiresIn:60});
invalid "expiresIn" option for string payload
Error: "expiresIn" should be a number of seconds or string representing a timespan eg: "1d", "20h", 60
at Object.JWT.sign (/Users/joehenry/meals/backend/node_modules/jsonwebtoken/index.js:109:13)
at repl:1:3
at REPLServer.defaultEval (repl.js:252:27)
at bound (domain.js:287:14)
at REPLServer.runBound [as eval] (domain.js:300:12)
at REPLServer.<anonymous> (repl.js:417:12)
at emitOne (events.js:82:20)
at REPLServer.emit (events.js:169:7)
at REPLServer.Interface._onLine (readline.js:210:10)
at REPLServer.Interface._line (readline.js:549:8)
>
Am I doing something wrong?
About this issue
- Original URL
- State: closed
- Created 8 years ago
- Comments: 20 (5 by maintainers)
Commits related to this issue
- Updating deprecated parameter https://github.com/auth0/node-jsonwebtoken/issues/166 — committed to ianakiara/express-rest-jwt by ianakiara 8 years ago
I was getting this error, and it had nothing to do with the options I was passing or anything to do with the
expiresIn
option. Like what @alikarimii was saying, the payload you are signing needs to be an Object. WRONG:jwt.sign(user.id, secret, { expiresIn: 60 * 60, algorithm: 'HS256'})
GOOD:jwt.sign({ uid: user.id }, secret, { expiresIn: 60 * 60, algorithm: 'HS256'})
expiresInMinutes
was deprecated, you should useexpiresIn: '5m'
for instance.Where did you saw that so we can update?
@michaeloryl yes, if you use an string payload expiresIn is ignored. You should use an object instead.
@kamilbrzezinski JWT is JSON Web Token, the
exp
field is an standard claim and is part of the json.an string is a valid json:
but a string can’t have a property… it will be the equivalent to something like this:
Besides the fact that you can’t add a property to an string in javascript, there is not a representation in JSON of an string with a property.
I was getting a deprecation for expiresInMinutes so changed to expireIn, and am still getting similar.
var token = jwt.sign(escaped, config.secret, { expiresIn: '5h' });
andvar token = jwt.sign(escaped, config.secret, { expiresIn: 60*60*5 });
both resulted in the errorThanks @michaeloryl I think the error message should be more explicit… I lost a couple of hours here also
It looks like the issue is exactly what the warning is. You can’t put an expiration on a string payload. It throws a warning about it then continues to fall through and attempt to set payload.exp (but payload is a string), then sees that payload.exp is undefined so assumed you passed something poorly instead of ignoring the invalid option.
for me ,this error occurs because payload is string. pass object like this to sign function
let payload ={test: 'test string'}
if I set the expiry as { expiresIn : ‘365d’ } , so should i be assured it will last for 1 year
So instead of using this in my code:
I instead have to use this?
Is that what we’re looking at here? This has been driving me crazy because no matter what I did with the expires time, it failed. And it didn’t fail on all environments where the application was running.