Description
First of all: thanks for this package, we are starting to use this for the first time.
By reading the code, I assume the tokens will currently be valid forever:
https://github.com/firebase/php-jwt/blob/d2113d9b2e0e349796e72d2a63cf9319100382d2/src/JWT.php#L148 checks for a timestamp value in the payload value "exp", which is not sent by https://github.com/rfyio/JWT/blob/303b3cd17e4ba146fb00ddcfd0bbf0ae673b8c31/Classes/Security/Authentication/Factory/TokenFactory.php#L69
Am I missing something (maybe you tackled that in another way already)?
If it is really missing, I could open a PR for that. My idea would be to extend TokenFactory::getJsonWebToken to add the key "exp" to the payload by using the current timestamp + expirationTime (new setting). Of course, if $account->getExpirationDate()->getTimestamp() is smaller, this will be used instead of the calculated exp.
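
The behaviour raised in this issue, as an added example that is not part of the original post and is not code from either project: a verifier that enforces "exp" only when the claim is present accepts a token without it indefinitely, while a token carrying the capped "exp" is rejected after expiry. `computeExp`, `signToken` and `verifyToken` are hypothetical names, the HS256 signer is a minimal stand-in for the JWT library, and the key, timestamps and `sub` claim are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: "exp" is the earlier of now + lifetime (the proposed
// expirationTime setting) and the account's own expiration date, if it has one.
function computeExp(int $now, int $lifetime, ?DateTimeInterface $accountExpiry): int
{
    $exp = $now + $lifetime;
    if ($accountExpiry !== null && $accountExpiry->getTimestamp() < $exp) {
        $exp = $accountExpiry->getTimestamp();
    }
    return $exp;
}

function b64url(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Minimal HS256 signer, standing in for the JWT library (assumption).
function signToken(array $payload, string $key): string
{
    $input = b64url(json_encode(['typ' => 'JWT', 'alg' => 'HS256'])) . '.' . b64url(json_encode($payload));
    return $input . '.' . b64url(hash_hmac('sha256', $input, $key, true));
}

// Verifies the signature, then enforces "exp" only when the claim is present.
function verifyToken(string $jwt, string $key, int $now): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) { throw new UnexpectedValueException('Malformed token'); }
    [$h, $p, $s] = $parts;
    if (!hash_equals(b64url(hash_hmac('sha256', "$h.$p", $key, true)), $s)) {
        throw new UnexpectedValueException('Bad signature');
    }
    $payload = json_decode(base64_decode(strtr($p, '-_', '+/')), true);
    if (isset($payload['exp']) && $now >= $payload['exp']) {
        throw new UnexpectedValueException('Expired token');
    }
    return $payload;
}

$key = 'constructed-demo-key';
$now = 1700000000; // constructed timestamp
$accountExpiry = new DateTimeImmutable('@' . ($now + 600)); // account ends before now + 3600
$noExp = signToken(['sub' => 'demo-account'], $key);
$withExp = signToken(['sub' => 'demo-account', 'exp' => computeExp($now, 3600, $accountExpiry)], $key);
var_dump(verifyToken($noExp, $key, $now + 10 * 365 * 86400)['sub']); // no exp claim, nothing to reject on
try { verifyToken($withExp, $key, $now + 601); } catch (UnexpectedValueException $e) { echo $e->getMessage(), "\n"; }
```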