I'm using jsonwebtoken package for node.js:
Creating the token like that:
var token = jwt.sign(user, tokenSecret, {expiresInMinutes: 1});
Verifying like that:
jwt.verify(token, tokenSecret, function(err, decoded) {
if(err) return done(new Error('Invalid authentication!'));
if(!decoded) return done(null, false);
return done(null, decoded, { scope: 'all'});
});
However my token never expires (I waited some minutes between the "requests").
Ok, i have some idea, try dump user object before create token. Something like this:
db.user.find(query, function(user){
var userInfo = {
id: user.id,
name: user.name,
role: user.role
}
return jwt.sign(userInfo, tokenSecret, {expiresInMinutes: 1});
})