docs: comment explaining max expiration time for JWT

octokit · Nov 24, 2018 · 1b8d064 · 1b8d064
1 parent 37f84a4
commit 1b8d064
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/get-signed-json-web-token.js b/lib/get-signed-json-web-token.js
@@ -6,7 +6,7 @@ function getSignedJsonWebToken ({ id, privateKey }) {
   const now = Math.floor(Date.now() / 1000)
   const payload = {
     iat: now, // Issued at time
-    exp: now + 60, // JWT expiration time
+    exp: now + 60, // JWT expiration time (10 minute maximum)
     iss: id
   }
   const token = jsonwebtoken.sign(payload, privateKey, { algorithm: 'RS256' })