I have been running Jitsi with jwt tokens for almost 2 years now without any problems, and all the fields in the token were working as intended.
While testing one of the old tokens to log into a session, I noticed that the old sessions with an ‘exp’ field that already expired are still working.
For example, a token with exp field set to ‘1584590400’ which expired more than 6 months ago still works!
This is the list of current Jitsi versions installed:
jitsi-archive-keyring/stable 1.0.1 all
jitsi-meet/stable 2.0.5076-1 all [upgradable from: 2.0.4468-1]
jitsi-meet-prosody/stable 1.0.4428-1 all [upgradable from: 1.0.4025-1]
jitsi-meet-tokens/stable 1.0.4428-1 all [upgradable from: 1.0.3216-1]
jitsi-meet-turnserver/stable 1.0.4428-1 all
jitsi-meet-web/stable 1.0.4428-1 all [upgradable from: 1.0.4025-1]
jitsi-meet-web-config/stable 1.0.4428-1 all [upgradable from: 1.0.4025-1]
jitsi-upload-integrations/stable 0.15.15-1 all
jitsi-videobridge/stable 1126-1 amd64 [residual-config]
jitsi-videobridge2/stable 2.1-351-g0bfaac1c-1 all [upgradable from: 2.1-183-gdbddd169-1]
Any ideas where can I debug and look for why this happening?