A hacky way to disable NodeJS JWT expiry for development

I'm developing a small app in my free time using the nodejs and express, trying out Auth0 as a way to handle authentication nicely. One problem I face though is as I want to test out my API, which I now typically do via Insomnia (great tool btw), I couldn't get a long lasting token to play around with.

So I figured out a quick dirty trick to fix this. Going through the different node packages for JWT; I found a clockTimeStamp option.

clockTimestamp: the time in seconds that should be used as the current time for all necessary comparisons.

Simply set the clockTimeStamp value to some small non-zero integer. This will fake the time for the expiry check to think that it's sometime at the beginning of probably unix time or something.

Some example code:

const express = require("express");
const jwt = require("express-jwt");
const jwks = require("jwks-rsa");

const app = express();

const jwtOptions = {
  secret: jwks.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: "https://some-domain.auth0.com/.well-known/jwks.json"
  audience: "http://localhost:3000/api/",
  issuer: "https://some-domain.auth0.com/",
  algorithms: ["RS256"]

// This effectively disables the expiry check
if (process.env["DISABLE_JWT_EXPIRY"]) {
  console.log("WARNING: set clockTimeStamp to 0");
  jwtOptions.clockTimestamp = 1;

let jwtCheck = jwt(jwtOptions);

app.get("/userinfo", (req, res) => {

console.log("Starting on port 4000");