-
Notifications
You must be signed in to change notification settings - Fork 43
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The exp
claim should always appear in the JWT
#648
Comments
Solved in MitreID, with commit 0c64dc6. |
Just for the record, the |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
According with RFC 9068, the
exp
claim of the JWT (indicating the expiration time) should appear in the token.In IAM, when one sets the access token lifetime as infinite (value equal to 0) the
exp
claim does not appear in the AT.We should not allow users to set an infinite lifetime of the token. Suggestion on the max lifetime one can set for an AT is commented here.
The text was updated successfully, but these errors were encountered: