For testing purposes I reduced the time the accessToken is valid to 5 min.
But now, when trying to validate an accessToken, even though the token already expired, I get a response saying the token is still “active” …:!?
2021-06-18T14:08:37.408Z mbx:utils:oidc validateAccessToken() {
  accessToken: '<TOKEN>',
  email: '<EMAIL>',
  settings: {
    issuer: 'https://dev-5283048.okta.com/oauth2/default',
    clientId: '<CLIENT_ID>',
    redirectUrl: 'http://localhost:81/callback/oidc/authorization-code',
    clientSecret: '<CLIENT_SECRET>'
  }
}
2021-06-18T14:08:38.451Z mbx:utils:oidc {
  active: true,
  scope: 'offline_access openid',
  username: '<EMAIL>',
  exp: 1624025216, // => 2021-06-18T14:06:56.000Z
  iat: 1624024916,
  sub: '<EMAIL>',
  aud: 'api://default',
  iss: 'https://dev-5283048.okta.com/oauth2/default',
  jti: 'xxxxxx.....xxxxxx',
  token_type: 'Bearer',
  client_id: '<CLIENT_ID>',
  uid: 'xxxx.....xxxxxx'
}
I made the call at 2021-06-18T14:08:37.408Z and got a response at 2021-06-18T14:08:38.451Z saying that the token is active, but the exp says 1624025216 => 2021-06-18T14:06:56.000Z.
I can also check for exp, but it was my understanding that the token should be active: false if expired.
Or is this because of time differences between my computer/server and the auth-server? But a couple of minutes?
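An added example, not part of the original post and not Okta's code: a resource server can apply its own expiry, issuer and audience checks to an RFC 7662 introspection response instead of relying on `active` alone. The function name `evaluateIntrospection`, its options and the leeway values are assumptions; the sample fields are copied from the log above.

```javascript
// Added example: local acceptance check for an RFC 7662 introspection response.
// evaluateIntrospection and its option names are hypothetical, not an Okta API.
function evaluateIntrospection(resp, opts) {
  const { expectedIssuer, expectedAudience, nowMs = Date.now(), leewaySec = 0 } = opts;
  const nowSec = Math.floor(nowMs / 1000);
  const reasons = [];

  // Never accept on the server's verdict alone, and never override a negative one.
  if (resp.active !== true) reasons.push('server reports inactive');

  // exp and iat are seconds since the epoch; leewaySec is the clock skew we tolerate.
  if (!Number.isInteger(resp.exp)) {
    reasons.push('exp missing or not an integer');
  } else if (nowSec >= resp.exp + leewaySec) {
    reasons.push(`expired ${nowSec - resp.exp}s ago (leeway ${leewaySec}s)`);
  }
  if (Number.isInteger(resp.iat) && resp.iat - leewaySec > nowSec) {
    reasons.push('iat is in the future');
  }

  // Bind the token to the issuer and audience this service expects.
  if (resp.iss !== expectedIssuer) reasons.push('unexpected issuer');
  const aud = Array.isArray(resp.aud) ? resp.aud : [resp.aud];
  if (!aud.includes(expectedAudience)) reasons.push('unexpected audience');

  return { accept: reasons.length === 0, reasons };
}

// Fields from the logged response; "now" is the timestamp of that log line.
const sample = {
  active: true, exp: 1624025216, iat: 1624024916,
  iss: 'https://dev-5283048.okta.com/oauth2/default', aud: 'api://default',
};
const base = {
  expectedIssuer: 'https://dev-5283048.okta.com/oauth2/default',
  expectedAudience: 'api://default',
  nowMs: Date.parse('2021-06-18T14:08:38.451Z'),
};
const strict = evaluateIntrospection(sample, base);                      // no skew tolerated
const lenient = evaluateIntrospection(sample, { ...base, leewaySec: 300 }); // 5 min skew
console.log(strict, lenient);
```

With no leeway the logged response is rejected locally even though `active` is true; with a 300-second leeway it is accepted, so the tolerance chosen directly extends how long an expired token remains usable.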