To work with an invalid token, you can login into the Meshery remote provider, navigate to your user profile, and select Get Token. You can then edit the token, changing some small portion of it, saving it and attempting to use it. That will invalidate the token.
You can use decoders like the one on jwt.io to see the contents of the token. Any modifications to the token, like changing the expiry date, will invalid the token. When issued, the contents of the token are signed. If the contents are changed, they are invalidated.
So, it’s easy to test system behavior with invalid tokens. To use an expired token, you can login, get your token, set it aside for ~12 hours, and it will have expired after that time.
