Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix #262: use seconds for JWT token expiry time #263

Open
wants to merge 3 commits into
base: dev
Choose a base branch
from
Open

fix #262: use seconds for JWT token expiry time #263

wants to merge 3 commits into from

Conversation

fusion44
Copy link
Owner

refs #262

@cstenglein
Copy link
Collaborator

Do Not merge yet

The webui refreshes the token based on expiry

If you Change that to Seconds, it will be interpreted by the webui as ms and will spam the Backend non-stop for a new token.

@cstenglein
Copy link
Collaborator

Im additon, what ist the benefit of changing the format to seconds?

@fusion44
Copy link
Owner Author

Im additon, what ist the benefit of changing the format to seconds?

I've got the current time from the system as seconds and converted it to milliseconds. I did this for en- and decoding the token. This is somewhat inefficient and was very stupid on my part.

I also learned that the RFC has a registered field called 'exp' for token expiry. The field must be a NumericDate which is measured in seconds since the epoch. More info. If we want, we can rename the access_token to exp which would be the right thing to do according to the JWT RFC.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fusion44 @cstenglein