
Access token is not expiring  #627

@aravindor


Version
djangorestframework-simplejwt==5.2.1

My settings

# Project-wide Django REST framework defaults. A view that declares its own
# permission_classes or authentication_classes does not use the values below,
# so check the view under test when these defaults appear not to be enforced.
REST_FRAMEWORK = {
    "DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.PageNumberPagination",
    "PAGE_SIZE": 5,
    # Default-deny: unauthenticated requests are rejected unless a view
    # overrides its permissions.
    "DEFAULT_PERMISSION_CLASSES": (
        "rest_framework.permissions.IsAuthenticated",
        # "rest_framework.permissions.AllowAny",
    ),
    "DEFAULT_RENDERER_CLASSES": (
        "rest_framework.renderers.JSONRenderer",
    ),
    "DEFAULT_PARSER_CLASSES": (
        "rest_framework.parsers.JSONParser",
        "rest_framework.parsers.MultiPartParser",
        "rest_framework.parsers.FileUploadParser",
        "rest_framework.parsers.FormParser",
    ),
    # JWT is the only authenticator enabled here; session and basic auth are
    # commented out, so a session cookie is not consulted by these defaults.
    "DEFAULT_AUTHENTICATION_CLASSES": (
        "rest_framework_simplejwt.authentication.JWTAuthentication",
        # "rest_framework.authentication.SessionAuthentication",
        # "rest_framework.authentication.BasicAuthentication",
    ),
    "DEFAULT_FILTER_BACKENDS": (
        "django_filters.rest_framework.DjangoFilterBackend",
    ),
    "DEFAULT_VERSIONING_CLASS": "rest_framework.versioning.NamespaceVersioning",
}

# djangorestframework-simplejwt configuration used for the reproduction.
SIMPLE_JWT = {
    # Token lifetimes: the access token is meant to be rejected one minute
    # after issue; the refresh token is valid for a day.
    "ACCESS_TOKEN_LIFETIME": timedelta(minutes=1),
    "REFRESH_TOKEN_LIFETIME": timedelta(days=1),
    # Rotation is off, so BLACKLIST_AFTER_ROTATION has nothing to act on:
    # it only applies when refresh tokens are rotated and the blacklist app
    # is in use.
    "ROTATE_REFRESH_TOKENS": False,
    "BLACKLIST_AFTER_ROTATION": True,
    "UPDATE_LAST_LOGIN": False,

    # HS256 is symmetric: the same secret signs and verifies, so
    # VERIFYING_KEY is not used. Reusing Django's SECRET_KEY couples JWT
    # forgery risk to every other use of that secret; a dedicated signing
    # key can be replaced independently if it is ever exposed.
    "ALGORITHM": "HS256",
    "SIGNING_KEY": SECRET_KEY,
    "VERIFYING_KEY": None,
    # With None, no audience/issuer claim is added or checked.
    "AUDIENCE": None,
    "ISSUER": None,
    # NOTE(review): LEEWAY is not set in this dict; confirm its effective
    # value, since leeway widens the window in which "exp" is accepted.

    "AUTH_HEADER_TYPES": ("Bearer",),
    "AUTH_HEADER_NAME": "HTTP_AUTHORIZATION",
    "USER_ID_FIELD": "id",
    "USER_ID_CLAIM": "user_id",

    # Only access tokens are accepted as credentials.
    "AUTH_TOKEN_CLASSES": ("rest_framework_simplejwt.tokens.AccessToken",),
    "TOKEN_TYPE_CLAIM": "token_type",

    "JTI_CLAIM": "jti",

    # Sliding-token settings; SlidingToken is not listed in
    # AUTH_TOKEN_CLASSES above, so these should not affect this setup.
    "SLIDING_TOKEN_REFRESH_EXP_CLAIM": "refresh_exp",
    "SLIDING_TOKEN_LIFETIME": timedelta(minutes=5),
    "SLIDING_TOKEN_REFRESH_LIFETIME": timedelta(days=1),
}

Custom serializer

class CustomTokenObtainPairSerializer(TokenObtainPairSerializer):
    """Token-pair serializer that adds user and diagnostic fields to the response.

    The extra timing fields are informational only. They are computed from
    the server's naive local clock plus the configured lifetime, not read
    from the ``exp`` claim of the token handed to the client, so they can
    differ from what the authentication layer enforces.
    """

    def validate(self, attrs):
        """Return the parent's validated data extended with extra keys.

        Adds ``user``, ``id``, ``access_token_lifetime``,
        ``access_token_expiry`` and ``current_time``, in that order.
        """
        # Parent result; per the response shown in the report it carries the
        # "refresh" and "access" tokens returned to the client.
        payload = super().validate(attrs)

        # Identity details echoed back to the caller.
        payload['user'] = self.user.username
        payload['id'] = self.user.id

        # NOTE(review): this token object is used only to read the lifetime;
        # presumably it is distinct from the pair already placed in payload
        # by the parent -- confirm against the library version in use.
        refresh = self.get_token(self.user)
        payload['access_token_lifetime'] = str(refresh.access_token.lifetime)

        # Naive local timestamps (no timezone attached); the JWT "exp" claim
        # itself is a Unix epoch value.
        estimated_expiry = datetime.datetime.now() + refresh.access_token.lifetime
        payload['access_token_expiry'] = str(estimated_expiry)
        payload['current_time'] = str(datetime.datetime.now())

        return payload

Get token response

{
    "refresh": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImV4cCI6MTY2NTMwMjkyMywiaWF0IjoxNjY1MjE2NTIzLCJqdGkiOiJjOWZhYzM1MDE1MjU0NzRhYWY4MTg4YTViMWYzYjUyZCIsInVzZXJfaWQiOjF9.SS0P4-aqdElq6gJKTkLDzBbHy2jqRgXGcU2lhMP-Ddg",
    "access": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjY1MjE2NTgzLCJpYXQiOjE2NjUyMTY1MjMsImp0aSI6ImQxMTFlMGMzM2Y2ZTQ4MTRhZmE3MjY1ZjAwODM1MDJlIiwidXNlcl9pZCI6MX0.pBp-VOZ4rd1TqCuc9hE8NjNdA1Pfk_In-h3EGqDzDC0",
    "user": "TestAdmin",
    "id": 1,
    "access_token_lifetime": "0:01:00",
    "access_token_expiry": "2022-10-08 13:39:43.063243",
    "current_time": "2022-10-08 13:38:43.063318"
}

Authentication still succeeds after the access token has expired
Screenshot from 2022-10-08 13-42-51

Without Token
Screenshot from 2022-10-08 13-46-56
