Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add expires_at field to SignatureView response #606

Open
jjnesbitt opened this issue Nov 30, 2021 · 2 comments
Open

Add expires_at field to SignatureView response #606

jjnesbitt opened this issue Nov 30, 2021 · 2 comments

Comments

@jjnesbitt
Copy link
Member

Currently, the view for creating a temporary signature for GET requests looks like this

def post(self, request):
signer = UserSigner()
signature = signer.sign(user=self.request.user)
param = getattr(settings, 'RGD_SIGNED_URL_QUERY_PARAM', 'signature')
return response.Response({param: signature})

With the only field returned being signature. It'd be good to also include an expires_at field, which would indicate the unix timestamp at which this signature expires.

@banesullivan
Copy link
Contributor

It'd be good to also include an expires_at field, which would indicate the unix timestamp at which this signature expires.

I'm also thinking that we should allow the user to specify how long they want the token to be valid to override our default value while setting some cap at like 1 month or something

@jjnesbitt
Copy link
Member Author

It'd be good to also include an expires_at field, which would indicate the unix timestamp at which this signature expires.

I'm also thinking that we should allow the user to specify how long they want the token to be valid to override our default value while setting some cap at like 1 month or something

I don't see much wrong with that, although I'd think a month would be quite a long time for this, given how it's intended to be used.

Also, when someone makes a request for a new signature, are all previous signatures invalidated?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants