PhilippeG
Mar 01, 2022

OAuth JWT signature check but not expiration date

We implemented OAuth with JWT in an API protection profile for a mobile app, and it's working fine when the signature is validated and we are within the token time range (iat/exp).

We now have a special case where users can arrive with a valid (signed) JWT but outside its validity period (after the exp date), and in this case we would redirect them to re-login or request a new JWT.

Is there a way to validate only the signature (and not the date) and allow restricted access?

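The split the question asks about, as an added example that is not part of the original post and not F5 configuration: the signature is verified first, and the iat/exp window is checked as a separate step, so an authentic but expired token gets its own outcome (`reauth`, meaning redirect to re-login) instead of a plain rejection. It assumes HS256 with a shared key; `classify`, `make_token`, `DEMO_KEY` and the outcome names are hypothetical.

```python
import base64, hashlib, hmac, json

DEMO_KEY = b"constructed-demo-key"  # constructed sample secret, not from the post

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, key):
    """Build a constructed HS256 sample token for the demo."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def classify(token, key, now):
    """Return 'full', 'reauth' (authentic but expired) or 'reject'."""
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm; never let the token header choose it.
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            return "reject"
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        # Signature first: claims are untrusted until this passes.
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return "reject"
        claims = json.loads(b64url_decode(body))
        iat, exp = claims["iat"], claims["exp"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return "reject"
    if not all(isinstance(v, (int, float)) for v in (iat, exp)) or iat > now:
        return "reject"
    # Time check is separate, so an expired token gets its own outcome.
    return "full" if now < exp else "reauth"

if __name__ == "__main__":
    token = make_token({"sub": "user-1", "iat": 1000, "exp": 2000}, DEMO_KEY)
    for now in (1500, 2500):
        print(now, classify(token, DEMO_KEY, now))
```

Only `full` should reach the protected API; `reauth` tells the caller that the token is authentic and the user can be sent to the login or token-renewal flow.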