JWT Token expiration

[dejecj]

I have a question about the access tokens issued by the api. It doesn't seem like they expire. Is this right? I am trying to integrate the manager into my own web app to seamlessly add hosts and generate SSLs but I can't figure out how to get the token to issue with an expiration from the REST endpoint "/token". The payload contains a secret and identity property and tried adding the "expiry" property which returns an "expires" property with the value I would expect but the token keeps functioning after that expires date has passed.

I know this might me outside the scope of how you want the manager to be used but it would be a great help if someone could point me in the right direction. Thanks.

[jc21]

I just inspected my JWT and there should have been an expiration time on it - and it's gone. I'll have to look in to this further.

[dejecj]

@jc21 Ok thanks, I'll also look at the source and I'll let you know if I see anything.

[dejecj]

@jc21 I think I found the issue, It looks like the token model's create method is expecting the second parameter to have an object with a property called expires but it's actually receiving an object with a property called expiresIn from the method getTokenFromEmail

[jc21]

Awesome work. I'll get that fixed soon