JWT exp should be unix timestamp according to RFC 7519

**Checklist**

* [x] Are you reporting a bug? Use github issues for bug reports and feature requests. For general questions, please use https://discuss.yjs.dev/
* [x] Try to report your issue in the correct repository. Yjs consists of many modules. When in doubt, report it to https://github.com/yjs/yjs/issues/

**Describe the bug**
I believe the current implementation on `exp` claim is not conform to [RFC 7519](https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.4)

> [The "exp" (expiration time)] value MUST be a number containing a NumericDate value.

Also, the `NumericDate value` is described [here](https://www.rfc-editor.org/rfc/rfc7519#section-2)

> NumericDate
      A JSON numeric value representing the number of seconds from
      1970-01-01T00:00:00Z UTC until the specified UTC date/time,
      ignoring leap seconds.

**To Reproduce**
Steps to reproduce the behavior:
1. Generate a JWT using the RFC implementation of `exp`
2. Try to connect to the y-redis server
3. See error

```log
Failed to auth to endpoint /y-redis-demo-app Error: Expired JWT
    at Module.verifyJwt (file:///Users/naydenoff/dev/y-red-dve/y-redis/node_modules/lib0/crypto/jwt.js:51:11)
    at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///Users/naydenoff/dev/y-red-dve/y-redis/src/server.js:57:38)
    at async upgrade (file:///Users/naydenoff/dev/y-red-dve/y-redis/src/ws.js:117:50)
```

**Expected behavior**
The `exp` field should be unix timestamp to match RFC 7519.

**Screenshots**
A screenshot showing **the current** expiration date being `4/25/56333`
![image](https://github.com/yjs/y-redis/assets/7414846/8af30d53-2110-4e31-afa4-e4b4bb479384)

A screenshot showing **the expected** expiration date being `5/12/2024`
![image](https://github.com/yjs/y-redis/assets/7414846/b268dca3-5e04-45c1-ab6c-f2f23aeb52eb)

(Yes, the token is meant to be valid 5s for test purposes in this screenshot)

**Environment Information**
 - Browser / Node.js [e.g. Chrome, Firefox, Node.js]
Node 20
 - Yjs version and the versions of the y-* modules you are using [e.g. yjs v13.0.1, y-webrtc v1.2.1]. Use `npm ls yjs` to find out the exact version you are using.
```log
@y/redis@1.5.3 /y-redis
├─┬ y-websocket@2.0.3
│ ├─┬ y-leveldb@0.1.2
│ │ └── yjs@13.6.15 deduped
│ ├─┬ y-protocols@1.0.6
│ │ └── yjs@13.6.15 deduped
│ └── yjs@13.6.15 deduped
└── yjs@13.6.15
```

**Additional context**
I understand that it does work if I generate a token with the expected `exp` of `y-redis`.
But as it is supposed to integrate with the user's server, I believe it's best if we respect the RFC so that anyone can just use the project without surprises.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

JWT exp should be unix timestamp according to RFC 7519 #25

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

JWT exp should be unix timestamp according to RFC 7519 #25

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions