How to create an invalid/expired token?

I was wondering how I can create an expired token? This would be helpful when trying to resolve issues such as this.

To work with an invalid token, you can login into the Meshery remote provider, navigate to your user profile, and select Get Token. You can then edit the token, changing some small portion of it, saving it and attempting to use it. That will invalidate the token.

You can use decoders like the one on to see the contents of the token. Any modifications to the token, like changing the expiry date, will invalid the token. When issued, the contents of the token are signed. If the contents are changed, they are invalidated.

So, it’s easy to test system behavior with invalid tokens. To use an expired token, you can login, get your token, set it aside for ~12 hours, and it will have expired after that time.

1 Like

So I guess the only way to generate an expired token is to let it expire? Sounds like manually changing the expiry date would invalidate the token. The issue I’m working on is specifically looking at expired tokens not invalid I believe

There might be some hack that I’m not aware of, but, yes, generating a token today and then using it tomorrow should do the trick. You can verify the expiry date when you decode it to be sure that it has expired.

1 Like

Yesssss! Points for me! :laughing: