Preferred way to check if a Signed GlobalID is expired?

[aergonaut]

The documentation for Signed Global IDs shows that they can have an expiry date. I know that if the SGID is expired, then trying to use it to locate a record returns nil. But returning nil could also mean that the record indicated by the SGID no longer exists.

Is there a way to specifically tell that the SGID is expired? I see in the code, an ExpiredMessage exception is actually raised, but it is immediately caught and turned into nil.

https://github.com/rails/globalid/blob/3ddb0f87fd5c22b3330ab2b4e5c41a85953ac886/lib/global_id/signed_global_id.rb#L32-L40

I could use the SignedGlobalID#verifier to decode the message and then get the expired_at attribute out of the Hash. That seems hacky to me, so I was wondering if there was another way to check for expiration?

Would a PR to add an expired? method to SignedGlobalID be welcome? I'd be happy to work on that.

Thanks!

[fschwahn]

I'd be interested as well - we want to know if & when a globalid expired to show users an info like "this link expired on XXX". Currently we do this manually using SignedGlobalID.verifier. It would be great if an expires_at method could be added in addition to expired?.

[dhh]

I'd take #expired? 👍

[rafaelfranca]

If we want to implement this it need to be in the ActiveSupport::MessageVerifier that is used to globalid to check message

https://github.com/rails/rails/blob/main/activesupport/lib/active_support/message_verifier.rb

The current code here is going to be removed to verify the message is legacy and will be removed. See https://github.com/rails/globalid/pull/107

[ghiculescu]

PR to add to Rails: https://github.com/rails/rails/pull/48820

Once that's merged I can make a PR here to add expired?.