JWT decode fails with invalid exp value

Question

I am using module jsonwebtoken 8.4.0 in a nodejs 10.2.0 app. A JWT token is generated on https://jwt.io for test purpose:

Here in payload, the exp is expiration date and the string is correctly formatted in JSON. Then the JWT token on the left is submitted to the app for verification. Here is the line of code (as 29:33 below) which fails:

const decoded = jwt.verify(jwt_token, process.env.jwtPrivateKey);

The error is:

{ JsonWebTokenError: invalid exp value
    at C:\d\code\js\emps_bbone\node_modules\jsonwebtoken\verify.js:149:21
    at getSecret (C:\d\code\js\emps_bbone\node_modules\jsonwebtoken\verify.js:90:14)
    at Object.module.exports [as verify] (C:\d\code\js\emps_bbone\node_modules\jsonwebtoken\verify.js:94:10)
    at module.exports (C:\d\code\js\emps_bbone\middleware\auth_userinfo.js:29:33)

The error is complaining about the invalid exp value. Also obviously there is a valid jwt token generated with the payload. jsonwebtoken decode only need to return the original payload exp, which is a string, why it failed?

Answer 1

You need to provide exp as NumericDate. Apparently you cannot use the date format that you provided.

See documentation: https://www.npmjs.com/package/jsonwebtoken#token-expiration-exp-claim

See specification: https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4