I’m developing a small app in my free time using nodejs and express, while trying out Auth0 as a way to outsource the authentication layer nicely. One problem I face, though, is that when I want to test out my API, which I now typically do via Insomnia (great tool btw), I couldn’t get a long-lasting token to test with.
So I figured out a quick dirty trick to fix this. Jumping through the calls through different node packages for JWT (express-jwt -> jsonwebtoken), I found a clockTimestamp option.
clockTimestamp: the time in seconds that should be used as the current time for all necessary comparisons.
Simply set the clockTimestamp value to some small non-zero integer. This fakes the time used for the expiry check, which then thinks it’s sometime right at the beginning of Unix time, so the token never looks expired.
Some example code / barebones app:
const express = require("express");
const jwt = require("express-jwt");
const jwks = require("jwks-rsa");
require("dotenv").config();

const app = express();

// Signature keys are fetched from the Auth0 tenant's JWKS endpoint
const jwtOptions = {
  secret: jwks.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: "https://some-domain.auth0.com/.well-known/jwks.json",
  }),
  audience: "http://localhost:3000/api/",
  issuer: "https://some-domain.auth0.com/",
  algorithms: ["RS256"],
};

// This effectively disables the expiry check
if (process.env["DISABLE_JWT_EXPIRY"]) {
  console.log("WARNING: JWT expiry check disabled (clockTimestamp set to 1)");
  jwtOptions.clockTimestamp = 1;
}

let jwtCheck = jwt(jwtOptions);

app.use(express.json());
app.use(jwtCheck);

// Returns the decoded token payload of the caller
app.get("/userinfo", (req, res) => {
  res.json(req.user);
});

console.log("Starting on port 4000");
app.listen(4000);
Running it locally now with the DISABLE_JWT_EXPIRY environment variable set, I can skip having to get a fresh token. Another alternative would ofc be to just use a different JWT setup for local development, but eh… too lazy :)
Of course, don’t use this anywhere outside local development.
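The same switch with a fail-closed guard, as an added example that is not part of the original post: the flag is parsed strictly (any non-empty string, even "false", is truthy in the snippet above) and is refused unless NODE_ENV is exactly "development". The accepted flag values and the NODE_ENV convention are assumptions, and checkTimeClaims is a simplified model of the exp/nbf comparison, not jsonwebtoken's own code.

```javascript
const TRUTHY = new Set(["1", "true", "yes"]); // accepted flag values (assumed)

// Returns a copy of baseOptions. clockTimestamp is only set when the flag is
// explicitly truthy AND NODE_ENV is exactly "development"; anything else
// either leaves expiry checking on or refuses to start.
function buildJwtOptions(baseOptions, env) {
  const options = { ...baseOptions };
  const flag = String(env.DISABLE_JWT_EXPIRY || "").trim().toLowerCase();
  if (!TRUTHY.has(flag)) return options; // "", "0", "false": expiry stays on
  if (env.NODE_ENV !== "development") {
    throw new Error("DISABLE_JWT_EXPIRY is only allowed with NODE_ENV=development");
  }
  options.clockTimestamp = 1; // non-zero: 0 is falsy and falls back to real time
  return options;
}

// Simplified model of the time-claim checks (signature, audience and issuer
// are not modelled). All times are seconds since the Unix epoch.
function checkTimeClaims(payload, options, realNow) {
  const now = options.clockTimestamp || realNow;
  const tolerance = options.clockTolerance || 0;
  if (payload.nbf !== undefined && payload.nbf > now + tolerance) return "not active";
  if (payload.exp !== undefined && now >= payload.exp + tolerance) return "expired";
  return "ok";
}

// Constructed sample data: claims of a token that expired in January 2020.
const REAL_NOW = 1700000000;
const expired = { sub: "auth0|example", iat: 1577836800, exp: 1577840400 };
const base = { audience: "http://localhost:3000/api/", algorithms: ["RS256"] };

function demo() {
  const dev = buildJwtOptions(base, { NODE_ENV: "development", DISABLE_JWT_EXPIRY: "1" });
  const off = buildJwtOptions(base, { NODE_ENV: "development", DISABLE_JWT_EXPIRY: "false" });
  return {
    withOverride: checkTimeClaims(expired, dev, REAL_NOW),
    withoutOverride: checkTimeClaims(expired, off, REAL_NOW),
    // A token carrying nbf is rejected under the override: 1970 is before nbf.
    nbfToken: checkTimeClaims({ ...expired, nbf: 1577836800 }, dev, REAL_NOW),
  };
}

console.log(demo());
```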