Platform: ApigeeEdge
When using GenerateJWT policy to generate a JWT token, exp claim is not set when the ExpiresIn property value is set to less than 1 second. Apigee Edge appears to silently ignore this value (between 1-999ms) and as a result it generates a jwt with no exp claim, which means it never expires.
I did not find any documentation regarding this behavior and not sure whether it is a bug.
If ExpiresIn value is something the engine does not like, then instead of silently ignoring it and not setting the exp claim poses a security risk.
What you are reporting does not happen in Apigee X. (See attached proxy)
When I use values like 120ms or 500ms for the expiry, I get an exp claim in the resulting JWT.
If this is impeding your deployment, You will want to file a bug for this behavior, I guess.
1 Like
Thank you for your reply.
This is not immediately impeding however I will go ahead and file a bug report.
1 Like
They’ll probably ask you for a test case that reproduces what you are observing. I tried my test ^^ attached above in Apigee Edge, and observed what you observed.
I expect that the support and engineering team will assign a lower priority since it’s not impeding your work.
1 Like
Thanks much for confirming.