Fast way to check if JWT is expired.

[calebmer]

Can we think of a super fast way to check if a JWT has expired? In my application code which uses the refresh token model I can either: 1) Refresh my token every request (slow). 2) Try a request, catch failures, refresh the token, and try again. 3) Request some route to see if the token has expired (server still does some calculations). None of these are optimal, so is there any way we could develop a fast method for checking JWT expiration?

Maybe we use the recommended ping request of OPTIONS *. It always succeeds with no authentication, and fails fails with bad authentication. Of course doing authentication parsing could slow down other ping requests.

Side note, I haven't checked to see if a GET / request will fail with an expired token, but even if it does the server still does some calculations which aren't required.

[calebmer]

A solution to this could also be helpful if @diogob wanted to write an extended refresh token implementation into his auth example.

[begriffs]

Naively I would assume that option two is the standard way. When requests fail due to token expiration you ask for a new token and try again.

[ruslantalpa]

Jwt is just base64, anyone can decode it and look at its contens. (This can be closed)