Is options ignoreExpiration still valid in node-jose?

Question

In jasonwebtoken, the option ignoreExpiration can be used as below for HS256:

const jwt = require("jsonwebtoken");
const decoded = await jwt.verify(jwt_token, process.env.jwtPrivateKey,
    {ignoreExpiration: true});

Now the app is migrating to node-jose 2.0.9. Is ignoreExpiration still a valid option in node-jose as well?

const jose = require('node-jose');
const decoded = await jose.JWT.createVerify(pubkey, {ignoreExpiration: true,
    algorithms: ['EdDSA']}).verify(jwt_token); //Is ignoreExpiration valid here?

score 1 · Accepted Answer · answered Mar 29 '21 at 10:39

node-jose is for general JOSE constructs, it does not support the JWT Claim Set validations like exp, iat, iss, aud, etc.

Therefore ignoreExpiration is not a valid option for any of the node-jose APIs.

You can of course refer to node-jose documentation to see there's no mention of any such option.

Is options ignoreExpiration still valid in node-jose?

1 Answers1