SherClockHolmes · SherClockHolmes · Nov 8, 2025 · Jan 31, 2025
diff --git a/vapid.go b/vapid.go
@@ -79,7 +79,7 @@ func getVAPIDAuthorizationHeader(
 
 	token := jwt.NewWithClaims(jwt.SigningMethodES256, jwt.MapClaims{
 		"aud": subURL.Scheme + "://" + subURL.Host,
-		"exp": time.Now().Add(time.Hour * 12).Unix(),
+		"exp": expiration.Unix(),
 		"sub": subscriber,
 	})
 

diff --git a/vapid_test.go b/vapid_test.go
@@ -20,13 +20,16 @@ func TestVAPID(t *testing.T) {
 		t.Fatal(err)
 	}
 
+	// Unusual expiration to check that the expiration value is used
+	expiration := time.Now().Add(time.Hour * 11).Add(23 * time.Minute)
+
 	// Get authentication header
 	vapidAuthHeader, err := getVAPIDAuthorizationHeader(
 		s.Endpoint,
 		sub,
 		vapidPublicKey,
 		vapidPrivateKey,
-		time.Now().Add(time.Hour*12),
+		expiration,
 	)
 	if err != nil {
 		t.Fatal(err)
@@ -65,6 +68,15 @@ func TestVAPID(t *testing.T) {
 		if claims["aud"] == "" {
 			t.Fatal("Audience should not be empty")
 		}
+
+		expectedExp := float64(expiration.Unix())
+		if expectedExp != claims["exp"] {
+			t.Fatalf(
+				"Incorrect exp, expected=%v, got=%v",
+				expectedExp,
+				claims["exp"],
+			)
+		}
 	} else {
 		t.Fatal(err)
 	}