From 1b8d064f9f448acadca62cbd9a191a062fc3e2a1 Mon Sep 17 00:00:00 2001
From: Gregor <gregor@martynus.net>
Date: Fri, 23 Nov 2018 19:35:13 -0800
Subject: [PATCH] docs: comment explaining max expiration time for JWT

---
 lib/get-signed-json-web-token.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/get-signed-json-web-token.js b/lib/get-signed-json-web-token.js
index 59c9d042e..bafdb8d28 100644
--- a/lib/get-signed-json-web-token.js
+++ b/lib/get-signed-json-web-token.js
@@ -6,7 +6,7 @@ function getSignedJsonWebToken ({ id, privateKey }) {
   const now = Math.floor(Date.now() / 1000)
   const payload = {
     iat: now, // Issued at time
-    exp: now + 60, // JWT expiration time
+    exp: now + 60, // JWT expiration time (10 minute maximum)
     iss: id
   }
   const token = jsonwebtoken.sign(payload, privateKey, { algorithm: 'RS256' })