PhilippeG (Nimbostratus)
Mar 01, 2022
OAuth JWT signature check but not expiration date
We implemented OAuth with JWT in an API protection profile for a mobile app and it's working fine when the signature is validated and we are in the token time range (iat/exp).
We now have a special case where users can arrive with a valid JWT (signed) but outside its validity (after the exp date), and in this case we would redirect them to re-login or request a new JWT.
Is there a way to only validate the signature (and not the date) and allow restricted access?