
fix #262: use seconds for JWT token expiry time

Open fusion44 opened this issue 1 year ago • 3 comments

refs #262

fusion44 avatar Jul 21 '24 14:07 fusion44

Do not merge yet

The webui refreshes the token based on expiry

If you change that to seconds, it will be interpreted by the webui as ms and will spam the backend non-stop for a new token.

cstenglein avatar Jul 21 '24 18:07 cstenglein

In addition, what is the benefit of changing the format to seconds?

cstenglein avatar Jul 21 '24 18:07 cstenglein

> In addition, what is the benefit of changing the format to seconds?

I've got the current time from the system as seconds and converted it to milliseconds. I did this for en- and decoding the token. This is somewhat inefficient and was very stupid on my part.

I also learned that the RFC has a registered field called 'exp' for token expiry. The field must be a NumericDate which is measured in seconds since the epoch. More info. If we want, we can rename the access_token to exp which would be the right thing to do according to the JWT RFC.

fusion44 avatar Jul 21 '24 19:07 fusion44
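The unit mismatch discussed in this thread, as an added example that is not blitz_api or webui code: a token is issued with `exp` as an RFC 7519 NumericDate (seconds), the verifier rejects millisecond-looking values, and `refresh_delay_ms` shows why a client that reads a seconds value as ms computes a zero delay and refreshes continuously. All function names, the secret, and the threshold are assumptions made for this sketch.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"   # constructed value, for this example only
MS_THRESHOLD = 100_000_000_000        # epoch seconds stay below this for millennia;
                                      # epoch milliseconds have exceeded it since 1973

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(claims: dict, secret: bytes = SECRET) -> str:
    """Build a compact HS256 JWT from the given claims."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def issue_token(lifetime_s: int, now_s: int) -> str:
    # RFC 7519: exp is a NumericDate, i.e. seconds since the epoch
    return sign_token({"sub": "demo", "exp": now_s + lifetime_s})

def verify_token(token: str, now_s: int, secret: bytes = SECRET) -> dict:
    """Check signature and expiry; always uses HMAC-SHA256, ignoring the header alg."""
    header, payload, sig = token.split(".")
    expected = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(payload))
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or isinstance(exp, bool):
        raise ValueError("exp missing or not numeric")
    if exp >= MS_THRESHOLD:
        # A ms value checked against a seconds clock would never expire in practice
        raise ValueError("exp looks like milliseconds, not a NumericDate")
    if now_s >= exp:
        raise ValueError("token expired")
    return claims

def refresh_delay_ms(exp: int, now_ms: int, assume_ms: bool) -> int:
    """Client-side delay until refresh; assume_ms models a client reading exp as ms."""
    exp_ms = exp if assume_ms else exp * 1000
    return max(0, exp_ms - now_ms)
```

A backend change to seconds therefore has to ship together with the client-side conversion; otherwise every refresh timer fires immediately.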