is compactVerify supposed to throw JWTExpired?

[jayenashar]

I'm looking at #62 and it seems like it should throw an error if the token is expired, but it's not happenning for me and i have to check expiration explicitly. Is there some argument that will get it to check exp and nbf?

  let userId;
  try {
    const {payload} = await compactVerify(authToken, refreshTokenPublicKey);

    var obj = JSON.parse(decoder.decode(payload));
    userId = obj.sub; // sub is user id in refresh token

    if (Date.now() >= obj.exp * 1000) {
      res.status(401).json({message: 'Unauthorized! Expired credentials'});  
      return;
    }

  } catch(error) {
    res.status(401).json({message: 'Unauthorized! Invalid credentials'});
    return;
  }

[panva]

is compactVerify supposed to throw JWTExpired?

No. compactVerify is not processing the payload of a token at all, it's a generic JWS utility. Maybe you should use the module targetted at validating JWTs instead of one purely for JWS.

jose/jwt/verify (Verifies the JWT format (to be a JWS Compact format), verifies the JWS signature, validates the JWT Claims Set.) not jose/jws/compact/verify (Verifies the signature and format of and afterwards decodes the Compact JWS.)

[jayenashar]

thank you!