Is it possible to verify if a JWE token has expired? or set an expiry time for a JWE token? #299
Answered
by
panva
dalegacusan
asked this question in
Q&A
-
Just like JWTs where they have an expiration time, is it possible with jose? |
Beta Was this translation helpful? Give feedback.
Answered by
panva
Oct 24, 2021
Replies: 1 comment 3 replies
-
JWEs just like JWSs do not have expiration. JWT in either JWS or JWE syntax do. And for JWT using JWE syntax there's a module. 12. Be sure to choose the right algorithm for encrypted JWEs tho. They only really make sense if you're both the issuer and recipient, the alg: dir and enc: A256GCM is a good fit then. Otherwise Signed JWTs are really superior in being able to provide non-repudiation. Footnotes |
Beta Was this translation helpful? Give feedback.
3 replies
Answer selected by
dalegacusan
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
JWEs just like JWSs do not have expiration. JWT in either JWS or JWE syntax do. And for JWT using JWE syntax there's a module. 12. Be sure to choose the right algorithm for encrypted JWEs tho. They only really make sense if you're both the issuer and recipient, the alg: dir and enc: A256GCM is a good fit then. Otherwise Signed JWTs are really superior in being able to provide non-repudiation.
Footnotes
https://github.com/panva/jose/blob/v4.1.1/docs/classes/jwt_encrypt.EncryptJWT.md ↩
https://github.com/panva/jose/blob/v4.1.1/docs/functions/jwt_decrypt.jwtDecrypt.md ↩