How Long is a JWT Token Valid ?
Last Updated :
10 Jun, 2024
JSON Web Tokens (JWTs) are widely used for authentication and authorization in modern web applications and APIs. One crucial aspect of JWTs is their validity period, which determines how long a token remains valid after it has been issued. In this article, we'll delve into the factors influencing the validity period of JWT tokens and best practices for setting their expiration time.
What is a JWT Token?
Before discussing the validity period, let's briefly review what a JWT token is. A JSON Web Token (JWT) is a compact, URL-safe means of representing claims securely between two parties. It comprises three sections: a header, a payload, and a signature. The payload contains the claims, which are statements about an entity (typically, the user) and additional data. Claims can include information such as the user's identity, permissions, and expiration time.
Importance of Validity Period
The validity period of a JWT token is crucial for security and access control. It ensures that tokens have a limited lifespan, reducing the risk of unauthorized access if a token is compromised. Setting an appropriate expiration time for JWT tokens is essential for balancing security requirements with user convenience and system performance.
The sign() method of the JSON Webtoken library is used for creating a token that accepts certain information as parameter objects and returns the generated token.
Syntax:
jwt.sign(payload, secretOrPrivateKey, [options, callback])
Parameters:
- payload: It is the information to be encrypted in the token
- secretKey: It is the signature or can say a code that is used to identify the authenticity of the token.
- options: In the option, we pass certain information about the token and that's the place where we provide the duration of the token up to which it will be valid.
Return type:
This method will return JWT token
Example: Implementation to create a token with 10 minutes expiry.
Steps to Implement JWT Token with Expiry
Step 1: Create a node project
As we are working on a node library it is a mandatory step to create a node project, write npm init in the terminal. It will ask for a few configurations about your project which is super easy to provide.
npm init
Step 2: Install the "jsonwebtoken" Package
Before going to write the JWT code we must have to install the package,
npm install jsonwebtoken
This would be our project structure after installation where node_modules contain the modules and package.json stores the description of the project. Also, we have created an app.js file to write the entire code.
Project Structure:
Step 3: Creating JWT token with a definite expire time.
There are two methods of registering the expiry of the token both are shown below with an explanation.
- Creating an expression of an expiry time.
- Providing expiry time of JWT token in the options argument of the method.
Approach 1: There exists a key exp in which we can provide the number of seconds since the epoch and the token will be valid till those seconds.
JavaScript
// Importing module
const jwt = require('jsonwebtoken');
const token = jwt.sign({
// Expression for initialising expiry time
exp: Math.floor(Date.now() / 1000) + (10 * 60),
data: 'Token Data'
}, 'secretKey');
const date = new Date();
console.log(`Token Generated at:- ${date.getHours()}
:${date.getMinutes()}
:${date.getSeconds()}`);
// Printing the JWT token
console.log(token);
Output:
Approach 2: In this method, we can pass the time to expiresIn key in the options, it requires the number of seconds till the token will remain valid or the string of duration as '1h', '2h', '10m', etc.
JavaScript
// Importing module
const jwt = require('jsonwebtoken');
const token = jwt.sign({
// Assigning data value
data: 'Token Data'
}, 'secretKey', {
expiresIn: '10m'
});
const date = new Date();
console.log(`Token Generated at:- ${date.getHours()}
:${date.getMinutes()}
:${date.getSeconds()}`);
// Printing JWT token
console.log(token);
Output:
Step 4: Verify the token in terms of expiry duration
We have successfully generated the token now it's time to verify whether the code is working in its intended way or not.
JavaScript
//Importing module
const jwt = require('jsonwebtoken');
// JWT token
const token =
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2Mzc4NjgxMzMsImRhdGWf"
const date = new Date();
// Verifying the JWT token
jwt.verify(token, 'secretKey', function(err, decoded) {
if (err) {
console.log(`${date.getHours()}:${date.getMinutes()}
:${date.getSeconds()}`);
console.log(err);
}
else {
console.log(`${date.getHours()}:${date.getMinutes()}
:${date.getSeconds()}`);
console.log("Token verifified successfully");
}
});
Before 10 minutes:
Output 1: Here we are checking before 10 minutes of generating token, as expected the else block of code will work.
After 10 minutes:
Output 2: Here we are checking once the token is expired, the TokenExpirationError will be thrown in this case.
Factors Influencing Validity Period
Several factors influence the validity period of JWT tokens:
- Security Requirements: The sensitivity of the data and the security policies of the application or organization influence the choice of token validity period. More sensitive operations may require shorter-lived tokens to minimize the window of vulnerability.
- Regulatory Compliance: Compliance requirements, such as GDPR (General Data Protection Regulation) in the European Union, may mandate specific data retention and access control practices, including token expiration policies.
- User Experience: Longer-lived tokens provide a smoother user experience by reducing the frequency of token renewal or reauthentication. However, this convenience must be balanced with security considerations.
- Token Revocation Mechanisms: The presence of token revocation mechanisms, such as blacklisting or token invalidation, affects the acceptable validity period. Shorter-lived tokens may be preferable when efficient revocation mechanisms are in place.
Best Practices for Setting Validity Period
When setting the validity period of JWT tokens, consider the following best practices:
- Short-Lived Tokens: Prefer shorter-lived tokens to minimize the risk of unauthorized access in case of token leakage or compromise. Typical expiration times range from minutes to hours, depending on the application's security requirements.
- Refresh Tokens: Combine short-lived access tokens with longer-lived refresh tokens. Refresh tokens can be used to obtain new access tokens without requiring the user to reauthenticate, mitigating the impact of short expiration times on user experience.
- Dynamic Expiration: Implement dynamic expiration policies based on user activity, session context, or access patterns. Extend the expiration time for active sessions while revoking inactive or suspicious tokens promptly.
- Token Rotation: Periodically rotate JWT tokens and refresh tokens to limit their lifespan and reduce the likelihood of successful token-based attacks.
Conclusion
The validity period of JWT tokens plays a critical role in ensuring the security, compliance, and usability of authentication mechanisms in web applications and APIs. By setting appropriate expiration times and adopting best practices for token management, developers can strike a balance between security requirements and user experience, thereby enhancing the overall resilience and trustworthiness of their systems.
Similar Reads
Node.js Tutorial Node.js is a powerful, open-source, and cross-platform JavaScript runtime environment built on Chrome's V8 engine. It allows you to run JavaScript code outside the browser, making it ideal for building scalable server-side and networking applications.JavaScript was mainly used for frontend developme
4 min read
Introduction & Installation
NodeJS IntroductionNodeJS is a runtime environment for executing JavaScript outside the browser, built on the V8 JavaScript engine. It enables server-side development, supports asynchronous, event-driven programming, and efficiently handles scalable network applications. NodeJS is single-threaded, utilizing an event l
5 min read
Node.js Roadmap: A Complete GuideNode.js has become one of the most popular technologies for building modern web applications. It allows developers to use JavaScript on the server side, making it easy to create fast, scalable, and efficient applications. Whether you want to build APIs, real-time applications, or full-stack web apps
6 min read
How to Install Node.js on LinuxInstalling Node.js on a Linux-based operating system can vary slightly depending on your distribution. This guide will walk you through various methods to install Node.js and npm (Node Package Manager) on Linux, whether using Ubuntu, Debian, or other distributions.PrerequisitesA Linux System: such a
6 min read
How to Install Node.js on WindowsInstalling Node.js on Windows is a straightforward process, but it's essential to follow the right steps to ensure smooth setup and proper functioning of Node Package Manager (NPM), which is crucial for managing dependencies and packages. This guide will walk you through the official site, NVM, Wind
6 min read
How to Install NodeJS on MacOSNode.js is a popular JavaScript runtime used for building server-side applications. It’s cross-platform and works seamlessly on macOS, Windows, and Linux systems. In this article, we'll guide you through the process of installing Node.js on your macOS system.What is Node.jsNode.js is an open-source,
6 min read
Node.js vs Browser - Top Differences That Every Developer Should KnowNode.js and Web browsers are two different but interrelated technologies in web development. JavaScript is executed in both the environment, node.js, and browser but for different use cases. Since JavaScript is the common Programming language in both, it is a huge advantage for developers to code bo
6 min read
NodeJS REPL (READ, EVAL, PRINT, LOOP)NodeJS REPL (Read-Eval-Print Loop) is an interactive shell that allows you to execute JavaScript code line-by-line and see immediate results. This tool is extremely useful for quick testing, debugging, and learning, providing a sandbox where you can experiment with JavaScript code in a NodeJS enviro
5 min read
Explain V8 engine in Node.jsThe V8 engine is one of the core components of Node.js, and understanding its role and how it works can significantly improve your understanding of how Node.js executes JavaScript code. In this article, we will discuss the V8 engine’s importance and its working in the context of Node.js.What is a V8
7 min read
Node.js Web Application ArchitectureNode.js is a JavaScript-based platform mainly used to create I/O-intensive web applications such as chat apps, multimedia streaming sites, etc. It is built on Google Chrome’s V8 JavaScript engine. Web ApplicationsA web application is software that runs on a server and is rendered by a client browser
3 min read
NodeJS Event LoopThe event loop in Node.js is a mechanism that allows asynchronous tasks to be handled efficiently without blocking the execution of other operations. It:Executes JavaScript synchronously first and then processes asynchronous operations.Delegates heavy tasks like I/O operations, timers, and network r
5 min read
Node.js Modules , Buffer & Streams
NodeJS ModulesIn NodeJS, modules play an important role in organizing, structuring, and reusing code efficiently. A module is a self-contained block of code that can be exported and imported into different parts of an application. This modular approach helps developers manage large projects, making them more scal
6 min read
What are Buffers in Node.js ?Buffers are an essential concept in Node.js, especially when working with binary data streams such as files, network protocols, or image processing. Unlike JavaScript, which is typically used to handle text-based data, Node.js provides buffers to manage raw binary data. This article delves into what
4 min read
Node.js StreamsNode.js streams are a key part of handling I/O operations efficiently. They provide a way to read or write data continuously, allowing for efficient data processing, manipulation, and transfer.\Node.js StreamsThe stream module in Node.js provides an abstraction for working with streaming data. Strea
4 min read
Node.js Asynchronous Programming
Node.js NPM
NodeJS NPMNPM (Node Package Manager) is a package manager for NodeJS modules. It helps developers manage project dependencies, scripts, and third-party libraries. By installing NodeJS on your system, NPM is automatically installed, and ready to use.It is primarily used to manage packages or modules—these are
6 min read
Steps to Create and Publish NPM packagesIn this article, we will learn how to develop and publish your own npm package (also called an NPM module). There are many benefits of NPM packages, some of them are listed below: Reusable codeManaging code (using versioning)Sharing code The life-cycle of an npm package takes place like below: Modu
7 min read
Introduction to NPM scriptsNPM is a Node Package Manager. It is the world's largest Software Registry. This registry contains over 800,000 code packages. Many Open-source developers use npm to share software. Many organizations also use npm to manage private development. "npm scripts" are the entries in the scripts field of t
2 min read
Node.js package.jsonThe package.json file is the heart of Node.js system. It is the manifest file of any Node.js project and contains the metadata of the project. The package.json file is the essential part to understand, learn and work with the Node.js. It is the first step to learn about development in Node.js.What d
4 min read
What is package-lock.json ?package-lock.json is a file that is generated when we try to install the node. It is generated by the Node Package Manager(npm). package-lock.json will ensure that the same versions of packages are installed. It contains the name, dependencies, and locked version of the project. It will check that s
3 min read
Node.js Deployments & Communication
Node DebuggingDebugging is an essential part of software development that helps developers identify and fix errors. This ensures that the application runs smoothly without causing errors. NodeJS is the JavaScript runtime environment that provides various debugging tools for troubleshooting the application.What is
3 min read
How to Perform Testing in Node.js ?Testing is a method to check whether the functionality of an application is the same as expected or not. It helps to ensure that the output is the same as the required output. How Testing can be done in Node.js? There are various methods by which tasting can be done in Node.js, but one of the simple
2 min read
Unit Testing of Node.js ApplicationNode.js is a widely used javascript library based on Chrome's V8 JavaScript engine for developing server-side applications in web development. Unit Testing is a software testing method where individual units/components are tested in isolation. A unit can be described as the smallest testable part of
5 min read
NODE_ENV Variables and How to Use Them ?Introduction: NODE_ENV variables are environment variables that are made popularized by the express framework. The value of this type of variable can be set dynamically depending on the environment(i.e., development/production) the program is running on. The NODE_ENV works like a flag which indicate
2 min read
Difference Between Development and Production in Node.jsIn this article, we will explore the key differences between development and production environments in Node.js. Understanding these differences is crucial for deploying and managing Node.js applications effectively. IntroductionNode.js applications can behave differently depending on whether they a
3 min read
Best Security Practices in Node.jsThe security of an application is extremely important when we build a highly scalable and big project. So in this article, we are going to discuss some of the best practices that we need to follow in Node.js projects so that there are no security issues at a later point of time. In this article, we
4 min read
Deploying Node.js ApplicationsDeploying a NodeJS application can be a smooth process with the right tools and strategies. This article will guide you through the basics of deploying NodeJS applications.To show how to deploy a NodeJS app, we are first going to create a sample application for a better understanding of the process.
5 min read
How to Build a Microservices Architecture with NodeJSMicroservices architecture allows us to break down complex applications into smaller, independently deployable services. Node.js, with its non-blocking I/O and event-driven nature, is an excellent choice for building microservices. How to Build a Microservices Architecture with NodeJS?Microservices
3 min read
Node.js with WebAssemblyWebAssembly, often abbreviated as Wasm, is a cutting-edge technology that offers a high-performance assembly-like language capable of being compiled from various programming languages such as C/C++, Rust, and AssemblyScript. This technology is widely supported by major browsers including Chrome, Fir
3 min read
Resources & Tools
Node.js Web ServerA NodeJS web server is a server built using NodeJS to handle HTTP requests and responses. Unlike traditional web servers like Apache or Nginx, which are primarily designed to give static content, NodeJS web servers can handle both static and dynamic content while supporting real-time communication.
6 min read
Node Exercises, Practice Questions and SolutionsNode Exercise: Explore interactive quizzes, track progress, and enhance coding skills with our engaging portal. Ideal for beginners and experienced developers, Level up your Node proficiency at your own pace. Start coding now! #content-iframe { width: 100%; height: 500px;} @media (max-width: 768px)
4 min read
Node.js ProjectsNode.js is one of the most popular JavaScript runtime environments widely used in the software industry for projects in different domains like web applications, real-time chat applications, RESTful APIs, microservices, and more due to its high performance, scalability, non-blocking I/O, and many oth
9 min read
NodeJS Interview Questions and AnswersNodeJS is one of the most popular runtime environments, known for its efficiency, scalability, and ability to handle asynchronous operations. It is built on Chrome’s V8 JavaScript engine for executing JavaScript code outside of a browser. It is extensively used by top companies such as LinkedIn, Net
15+ min read