I have generated JWT using Auth0 JWT library,
algorithm = Algorithm.HMAC256(secretkey);
token = JWT.create()
.withIssuer(issuer)
.withExpiresAt(UTCExpDate) //UTC now + 30 mins added
.withIssuedAt(UTCDate)
.sign(algorithm);
When I try to verify by following code,
Algorithm algorithm = Algorithm.HMAC256(secretkey);
JWTVerifier verifier = JWT.require(algorithm)
.withIssuer(issuer)
.build();
DecodedJWT jwt = verifier.verify(token);
Getting following TokenExpiredException exception, because its verifying with current Time Zone that is +5.30 not UTC. Any right way to solve this issue ?
com.auth0.jwt.exceptions.TokenExpiredException: The Token has expired on Tue May 08 13:55:57 IST 2018.
at com.auth0.jwt.JWTVerifier.assertDateIsFuture(JWTVerifier.java:441)
at com.auth0.jwt.JWTVerifier.assertValidDateClaim(JWTVerifier.java:432)
Note: Temporally I am solving this with adding .acceptExpiresAt(19800) while verifying. But I am looking for right solution for UTC verification.
According to the documentation, you could provide a custom Clock implementation. Cast the Verification instance to a BaseVerification to gain visibility of the verification.build() method that accepts a custom Clock. For example:
BaseVerification verification = (BaseVerification) JWT.require(algorithm)
.acceptLeeway(1)
.acceptExpiresAt(5);
Clock clock = new CustomClock(); // Must implement Clock interface
JWTVerifier verifier = verification.build(clock);