octokit · gr2m · Jun 12, 2019 · Jun 12, 2019 · Jun 12, 2019
diff --git a/src/get-signed-json-web-token.ts b/src/get-signed-json-web-token.ts
@@ -9,7 +9,7 @@ export function getSignedJsonWebToken({ id, privateKey }: getSignedJWTOptions) {
   const now = Math.floor(Date.now() / 1000);
   const payload = {
     iat: now, // Issued at time
-    exp: now + 60 * 10, // JWT expiration time (10 minute maximum)
+    exp: now + 60 * 10 - 30, // JWT expiration time (10 minute maximum, 30 seconds of leeway)
     iss: id
   };
   const token = jsonwebtoken.sign(payload, privateKey, { algorithm: "RS256" });

diff --git a/test/index.test.ts b/test/index.test.ts
@@ -33,7 +33,7 @@ x//0u+zd/R/QRUzLOw4N72/Hu+UG6MNt5iDZFCtapRaKt6OvSBwy8w==
 -----END RSA PRIVATE KEY-----`;
 // see https://runkit.com/gr2m/reproducable-jwt
 const BEARER =
-  "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjAsImV4cCI6NjAwLCJpc3MiOjF9.UYfZtE742hkMV5cKMwp6-gVUvsWnUGoCQkl2UZZEkN8-lgvqzq5V8e5KtTrJxAAgcK7Yn1ViAlDUpwc9hZxrZ-gLaR10GR2hubte3OgkRDH-m_lCQ1Sgb9VQpZnagh_PMyRwphOw3uDXU3D7h2jL86UP3Ora8i9SRgXLq8X_2R9jtr2FDT1wtmcOLdyIc0Q7c_4X1uIPNjZS2UY04QBT7VWePk81EGdJAVQ_nEygXIuWOpMwZvtD0K1hzqQQM9GyV2QOwFSvFLtdbMVyld6Qvs8eEA5VS6Y4vTrGuyUF_lH5XlPdfAFAyrzsGP4inLq3tq6y4mjsx3YIF0P8DcMNPw";
+  "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjAsImV4cCI6NTcwLCJpc3MiOjF9.oyOwC4CVLBJZjPZPumUlP2CWU_OLzzmUk5lGkTDYw06k9g43g9du2TJ1vRzJTL5L3Wa59Y0G_ggBGLJZKOAapT7ZNDRudn98ERMzDiCjpQZi1kuEnltTc9wgN1j2OkItt-jn5zgZLbgRZMytbmE8rxt6FND27s9HoxWJ8LXhX1oY3CXXUkS4R-BXCp5lCDIfjIvYLjOMAQ3_cP75OjpnVMoo_OewpDIqJc7XmjqSeXOEAGsLH78CMNQ41PLJH2wMAD60rgMGYb0G3NFwA2mdw78TgxDp4F1rj44ZdkiESPx341aSpWo6C9scCUnFB1M8ttqpa0KYqIbfwrQsyoZTPA";
 
 // simulate the beginning of unix time so that Date.now() returns 0
 // that way the signed token is always the same