cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

OAuth JWT signature check but not expiration date

PhilippeG
Nimbostratus
Nimbostratus

We implemented oAuth with JWT in an API protection profile for a mobile app and it's working fine when Signature is validated and we are in the token time range (iat/exp).

We have now a special case where users can arrive with a valid JWT (signed) but outsite the validity of it (after exp date) and we would in this case redirect them to re-login or request a new JWT.

Is there a way to only validate the signature (and not the date) and allow restricted access ?

0 REPLIES 0