
GenerateJWT: exp claim missing in JWT token when ExpiresIn is set to less than 1 second

Platform: ApigeeEdge

When using the GenerateJWT policy to generate a JWT token, the exp claim is not set when the ExpiresIn property value is set to less than 1 second. Apigee Edge appears to silently ignore this value (between 1-999ms) and as a result it generates a JWT with no exp claim, which means it never expires.

I did not find any documentation regarding this behavior and am not sure whether it is a bug.

If the ExpiresIn value is something the engine does not like, then silently ignoring it and not setting the exp claim poses a security risk.

1 ACCEPTED SOLUTION

They'll probably ask you for a test case that reproduces what you are observing. I tried my test ^^ attached above in Apigee Edge, and observed what you observed. 

I expect that the support and engineering team will assign a lower priority since it's not impeding your work. 

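A check that a proxy test suite or a downstream consumer could run on issued tokens to catch the missing-exp case described in this thread. This is an added example, not code from the original posts or from Apigee; the function names, the sample claims, the fixed clock and the one-hour lifetime limit are assumptions, and the signature is deliberately not verified here.

```python
import base64
import json
import time


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def exp_findings(token, now=None, max_lifetime_s=3600):
    """Return problems with the exp claim of a compact JWS; [] means OK.

    Issuance sanity check only: the signature is NOT verified.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWS (expected 3 segments)"]
    try:
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["payload is not valid base64url JSON"]
    if not isinstance(claims, dict) or "exp" not in claims:
        return ["exp claim missing: token never expires"]
    exp = claims["exp"]
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return ["exp is not a NumericDate"]
    findings = []
    if exp <= now:
        findings.append("exp is already in the past")
    if exp - now > max_lifetime_s:
        findings.append("exp exceeds the maximum allowed lifetime")
    return findings


def _make_token(claims):
    # Constructed sample token with a dummy signature segment (demo input only).
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    header = b'{"alg":"HS256","typ":"JWT"}'
    return ".".join([enc(header), enc(json.dumps(claims).encode()), enc(b"sig")])


NOW = 1_700_000_000  # constructed fixed clock so results are reproducible
NO_EXP = _make_token({"iss": "example", "iat": NOW})  # the case in the post
WITH_EXP = _make_token({"iss": "example", "iat": NOW, "exp": NOW + 300})

if __name__ == "__main__":
    for name, tok in (("no exp", NO_EXP), ("with exp", WITH_EXP)):
        print(name, "->", exp_findings(tok, now=NOW) or "ok")
```

A consumer would run this kind of claim check only after signature verification has succeeded, and reject the token on any finding.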

4 REPLIES