Using WSO2AM 2.1.0 we'd like to use the JWT token to pass api, user and application information to the backend service for authorization. The problem is with the JWT validation as the expiration timestamp is set to the current timestamp
reading other resources did not help much:
- https://wso2.org/jira/browse/APIMANAGER-4575
- https://wso2.org/jira/browse/APIMANAGER-3493
- WSO2 Api Manager - How to change the expiration time of JWT?
Content of the api-manager.xml
<CacheConfigurations>
<EnableGatewayTokenCache>true</EnableGatewayTokenCache>
<EnableGatewayResourceCache>true</EnableGatewayResourceCache>
<JWTClaimCacheExpiry>900</JWTClaimCacheExpiry>
...
<APIKeyValidator>
...
<JWTExpiryTime>900</JWTExpiryTime>
<SecurityContextTTL>900</SecurityContextTTL>
</APIKeyValidator>
(even according to the resources the JWTExpiryTime has no effect when KM or GW cache is enabled)
It looks like the JWTExpiryTime is in effect if the token cache is disabled (to be validated), but we would like to cache the access tokens for performance reasons..
Edit: seems if either (Gateway or KeyManager) token cache is enabled, the JWT expiration is simply set to current timestamp (making JWT token unusable without some agreement on backend services about the token leeway/skew time). The token is cached for cache-lifetime (15mins by default), so the backend must allow expired tokens for 15 minutes. Or am I missing something?
