Mar 01, 2022

OAuth JWT signature check but not expiration date

We implemented OAuth with JWT in an API protection profile for a mobile app and it's working fine when the signature is validated and we are in the token time range (iat/exp).

We now have a special case where users can arrive with a valid JWT (signed) but outside its validity (after the exp date) and we would in this case redirect them to re-login or request a new JWT.

Is there a way to only validate the signature (and not the date) and allow restricted access?
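A sketch of the split the question asks about, as an added example that is not part of the original post and is not the API protection product's own configuration: the signature is verified first, and only an authentic token that is past `exp` is routed to re-login. It assumes HS256 with a shared key; the key, timestamps, tokens and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"      # constructed shared secret (assumption: HS256)
NOW = 1646130000                   # constructed "current time" in epoch seconds

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, key, alg="HS256"):
    """Build a constructed token for the demo (always HMAC-SHA256 signed)."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def classify(token, key, now):
    """Return 'invalid', 'expired' or 'valid'; claims are read only after the signature passes."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        if header.get("alg") != "HS256":        # pin the algorithm
            return "invalid"
        expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(b64url_decode(sig_b64), expected):
            return "invalid"
        claims = json.loads(b64url_decode(body_b64))
        if now < claims["iat"]:                 # issued in the future: not trusted
            return "invalid"
        return "expired" if now >= claims["exp"] else "valid"
    except (ValueError, KeyError, TypeError, AttributeError):
        return "invalid"                        # malformed token or claims

def decide(token, key=KEY, now=NOW):
    """Map the classification to the three outcomes the post distinguishes."""
    return {"valid": "allow", "expired": "redirect_to_login", "invalid": "reject"}[classify(token, key, now)]

if __name__ == "__main__":
    fresh = make_token({"sub": "user1", "iat": NOW - 60, "exp": NOW + 3600}, KEY)
    stale = make_token({"sub": "user1", "iat": NOW - 7200, "exp": NOW - 3600}, KEY)
    h, _, s = stale.split(".")
    forged = ".".join([h, fresh.split(".")[1], s])   # stale signature over a newer body
    for name, tok in [("fresh", fresh), ("stale", stale), ("forged", forged)]:
        print(name, decide(tok))
```

The `redirect_to_login` outcome is meant to reach only the re-login or token-refresh path, since an expired token proves who issued it but not that the session is still current.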

