Validate expired oidc token with jose4j

Question

On our endpoint, we get an OIDC token and a refresh token. When the OIDC token has expired, we want to refresh the token using the provided refresh token. Currently, except for disabling all default validators, I see no way to only exclude expiry validation.

Is it possible in Jose4j?

Brian Campbell Brian Campbell · Accepted Answer · 2018-07-17T02:50:27

Only exclude expiry validation? Or only include expiry validation?

Setting up the JWT Consumer like this will basically only do expiry validation.

JwtConsumer consumer = new JwtConsumerBuilder()
   .setDisableRequireSignature()
   .setSkipSignatureVerification()
   .setSkipDefaultAudienceValidation()
   .setRequireExpirationTime()
   .build();

To effectively exclude expiry validation you could use something like .setAllowedClockSkewInSeconds(2000000000) on a JwtConsumerBuilder

Validate expired oidc token with jose4j

1 Answers