I can't possibly see how checking the 'exp' claim in the JWT "bearer token" aka access token was never handled in any of the code they were using. Did they write their own authorization server? That would be a foolish endeavor.
I can't possibly see how checking the 'exp' claim in the JWT "bearer token" aka access token was never handled in any of the code they were using. Did they write their own authorization server? That would be a foolish endeavor.
(post is archived)