Verifying the expiration of JWT (token)

Junya Fujiyoshi shared this question 17 days ago
Awaiting Reply

Hi,

Let me ask you one question regarding the verification of expiration of JWT.

We are implementing the SSO environment with JWT at the customer's place.

As customer's requirement, it is required to include the information of expiration in the token.

Does Yellowfin have the function to check and verify the expiration of JWT?

If not, do you have any idea how to check and verify it?

Comments (3)

photo
1

Hi Junya,

Yellowfin does not contain any way to manage JWT tokens themselves. They are created using third-party software but can be used within Yellowfin.

If you set up the JWT to use the cookie delivery mechanism, it should be fairly simple to check the "exp" (expiry) attribute of the token for verification.

Depending on what you're using to generate JWT tokens, the code could vary, but this post on StackOverflow might help. You can compare the expiry attribute which is stored in Unix time and convert it to a standard datetime.

https://stackoverflow.com/questions/70879343/how-to-get-exp-from-jwt-token-and-compare-with-it-current-time-to-check-if-tok

Kind regards,

Chris

photo
1

Thank you Chris,


I have created the function to verify the expiration of the JWT with JWT library. Thank you very much.

However, the customer's requirement is to verify it with Yellowfin's function.

Therefore, the customer has chosen to use REST API to create SSO function, instead of JWT.


I understand that there is an existing task to support OpenID SSO in a future build.

https://community.yellowfinbi.com/topic/yellowfin-with-openid-connect

The customer might use this when it is built in the future.


Cheers,

Junya

photo
1

Hi Junya,

No worries!

If the addition of support for OpenID SSO also fulfils this requirement then I assume we can close this off and wait for the enhancement to be implemented?

Kind regards,

Chris