I’m working on a test bot to understand the API and I have a question about authentication and JWT validation.

As far as I can see, the way to authenticate is to call the /user/login endpoint with valid credentials which will return a JWT. All is good except the JWT payload. I see that it contains iat but nothing about expiry (exp).

Now, I wanted to use the JWT for multiple requests, but that’s difficult if I cannot figure out when the token expires. What is the best way to be sure about the validity of a JWT before using it. Should I get a new JWT before every operation, is that the intended behavior? Or maybe I misunderstand the way authentication works with Lemmy?

Edit: I asked this on Lemmy Development channel a few days ago and apparently someone has created an issue in Github. So, perhaps this will be addressed in a later update.