Changes in JWT Token Validity
-
Dear SmartAPI Users,
We have made some changes with respect to the validity of the JWT token received after login. A fresh token is valid for 24-28 hours, instead of the previous time of 5 AM in the morning.
To check the validity and expiry time of your token, you can write a simple script in any programming language to decode it. We are sharing a sample for Python here:

```python
import base64
import json
from datetime import datetime, timedelta, timezone


def extract_inner_token_payload(outer_token):
    """Return the decoded payload (middle segment) of a JWT as a JSON string.

    The signature is not verified; this only reads the claims.
    On failure a dict with an 'error' key is returned instead.
    """
    try:
        parts = outer_token.split('.')
        if len(parts) == 3:
            inner_token = parts[1]
            # Adding padding to make the inner token length a multiple of 4
            padded_inner_token = inner_token + '=' * (-len(inner_token) % 4)
            # Decoding the inner token's payload manually
            decoded_payload = base64.urlsafe_b64decode(padded_inner_token.encode()).decode()
            return decoded_payload
        else:
            return {'error': 'Invalid token format'}
    except Exception as e:
        return {'error': f'Error: {str(e)}'}


# Replace 'your_actual_JWT_token_here' with your actual JWT token
your_outer_jwt_token = 'your_actual_JWT_token_here'
decoded_payload = extract_inner_token_payload(your_outer_jwt_token)

# Errors come back as a dict, a successful decode comes back as a string
if isinstance(decoded_payload, dict):
    print(decoded_payload['error'])
else:
    print("Inner Token Payload:")
    print(decoded_payload)
    try:
        # Parse JSON payload
        parsed_payload = json.loads(decoded_payload)
        # Access and print the expiry time in GMT+5:30
        if 'exp' in parsed_payload:
            expiry_timestamp = parsed_payload['exp']
            print("\nExpiry Timestamp (UTC):", expiry_timestamp)
            # Convert UTC to IST (GMT+5:30)
            expiry_datetime_utc = datetime.fromtimestamp(expiry_timestamp, tz=timezone.utc)
            ist = timezone(timedelta(hours=5, minutes=30))  # IST is UTC+5:30
            expiry_datetime_ist = expiry_datetime_utc.astimezone(ist)
            print("Expiry Datetime (GMT+5:30):", expiry_datetime_ist.strftime('%Y-%m-%d %H:%M:%S'))
        else:
            print("Expiry time not found in token payload.")
    except json.JSONDecodeError:
        print("Invalid JSON format in the decoded payload.")
```
Otherwise, you can go to online tools like https://jwt.io/, paste your JWT token there and decode it.
As a best practice, you should log out at the end of the day after your trading activity.
-
Extending the validity period of a JWT token beyond what is advised might increase the risk of security breaches by creating a larger opening for possible attacks such as replay or token theft. Following recommended best practices for token lifetimes is essential to keeping a strong security posture.
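
An added example, not part of the original posts or SmartAPI's own code: a check built on the 24-28 hour validity from the announcement and the lifetime concern in the reply above. It classifies a token by its `exp` claim and flags a lifetime above 28 hours; the `iat` claim, the 15-minute margin and the sample token are assumptions made for illustration.

```python
import base64
import json
import time

MAX_LIFETIME_S = 28 * 3600  # upper end of the 24-28 hour validity stated in the announcement
RELOGIN_MARGIN_S = 15 * 60  # assumed margin before expiry at which to log in again

def _segment(obj):
    """Encode a dict as an unpadded base64url JWT segment (used for the sample token)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_sample_token(iat, exp):
    """Constructed, unsigned sample token; not a real SmartAPI token."""
    return ".".join([_segment({"alg": "none"}), _segment({"iat": iat, "exp": exp}), "sig"])

def token_status(token, now=None):
    """Classify a JWT from its exp/iat claims WITHOUT verifying the signature."""
    now = time.time() if now is None else now
    try:
        _header, payload, _signature = token.split(".")
        padded = payload + "=" * (-len(payload) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
        exp = float(claims["exp"])
    except (ValueError, KeyError, TypeError, AttributeError):
        # Wrong segment count, bad base64, bad JSON, or a missing/non-numeric exp
        return {"state": "malformed"}
    status = {"remaining_s": exp - now, "lifetime_s": None, "over_policy": False}
    iat = claims.get("iat")  # assumption: the token carries an issued-at claim
    if isinstance(iat, (int, float)):
        status["lifetime_s"] = exp - iat
        status["over_policy"] = status["lifetime_s"] > MAX_LIFETIME_S
    if status["remaining_s"] <= 0:
        status["state"] = "expired"
    elif status["remaining_s"] <= RELOGIN_MARGIN_S:
        status["state"] = "relogin_soon"
    else:
        status["state"] = "ok"
    return status

if __name__ == "__main__":
    issued = 1_700_000_000  # constructed timestamp
    token = make_sample_token(issued, issued + 26 * 3600)
    for offset_s in (3600, 26 * 3600 - 600, 27 * 3600):
        print(offset_s, token_status(token, now=issued + offset_s))
```

Because the signature is not checked, the result is only suitable for local bookkeeping such as deciding when to log in again, not for trusting the token's contents.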