JWT authentication fails locally due to clock skew between server and client #744

@57hemanth

Description

When running the application locally, requests to protected endpoints fail with a 401 Unauthorized error. This happens because the JWT validation process considers the token expired, even though it was freshly generated. We are getting the error message "'Expiration time' claim ('exp') is too far in the future".

Actual Behavior

  • Generated tokens are rejected as expired due to a clock skew between token iat/exp claims and the server's current time.

Possible Cause

  • Local development environments sometimes have small time discrepancies due to differences in system clocks between client and server.

Proposed Solution

  • Expiration time of the JWT must be no more than 10 minutes into the future.

  • Allow a small leeway (e.g., 60 seconds) when validating tokens to tolerate minor clock differences.

Environment

  • Local OS: Windows 11
  • Node.js version: v23.6.0
  • JWT library: jsonwebtoken ^9.0.2
  • Production Environment: Works fine.
