Examples of Verifying JWT with and without secret?

[makeitTim]

Hi. Jose looks great --- choosing over other libs because it supports nodejs and browser, and documentation looks good. Except I can't figure out how to do my basic custom use-case.

I just need an expiration and to check if a string matches. I'm using sub but I can easily switch to something else if it make verify step easier. I just want to use a HS256 secret. My payload:

{ "exp": 1653268669, "sub": "foobar"}

BROWSER side I will not have the HS256 secret, but I still want to know is the token is expired so the browser can ask for a new one before using it.

export function isTokenExpired(token?: string, sub?: string): boolean {
  const payload = decodeJwt(token)
  // what happens?

NODEJS server side I WILL know the HS256 secret, I want to verify that a Bearer token is valid, not expired, and sub matches. I think it's a try catch somehow, but I can't find an example anywhere?

export function tokenFails(token: string, sub: string): boolean {
  let decoded = jwtVerify(token, JWT_SECRET, { sub: 'foorbar' })
  // how do I return true if it's not verified?

Thanks for any help. I don't think my use-case is odd? Why not any examples anywhere?

[makeitTim]

I think I got this to work for the browser side expired check:

export function isTokenExpired(token?: string, sub?: string): boolean {
  if (!token) { return true }

  const payload = decodeJwt(token)

  // failed or no value, consider expired
  if (!payload || !payload.exp) { return true }

  // sub must match if given
  if (sub && payload.sub !== sub) { return true }

  // is it expired?
  const now = Math.floor(Date.now() / 1000)
  return now >= payload.exp
}