Token sometimes re-used too close to expiration.

[alexander-aleman]

Hi,

I'm running into an issue that a token is re-used very close to the expiration of the token, which then cause a not-authorized response from the API.

I believe this is caused by the following line of code:

guzzle-jwt-middleware/src/Manager/JwtManager.php

Line 135 in 5df8e6e

$expiration = new \DateTime('now + ' . $expiresIn . ' seconds');

or you could argue that this should be handled in the validation part:

guzzle-jwt-middleware/src/JwtToken.php

Line 53 in 5df8e6e

return (new \DateTime()) < $this->expiration;

In my case I have solved this for now by adding a small safety margin:

--- a/src/Manager/JwtManager.php	2022-11-23 10:01:15.148041661 +0100
+++ b/src/Manager/JwtManager.php	2022-11-23 10:00:33.247774501 +0100
@@ -132,7 +132,7 @@
         }

         if ($expiresIn) {
-            $expiration = new \DateTime('now + ' . $expiresIn . ' seconds');
+            $expiration = new \DateTime('now + ' . ((int)($expiresIn * 0.9)) . ' seconds');
         } elseif (count($jwtParts = explode('.', $tokenValue)) === 3
             && is_array($payload = json_decode(base64_decode($jwtParts[1]), true))
             // https://tools.ietf.org/html/rfc7519.html#section-4.1.4

Perhaps you could think of a more elegant solution.

[michielkalle]

I agree, I have the same issue.

Example:

return (new \DateTime('now + 1 seconds')) < $this->expiration;