Token JWT Decode

[aascagarwal]

Suggestion: The token contains the time stamp for start and end ('iat': 1621506724, 'exp': 1621507624) of token validation, this can help in invalid token check without calling the beneficiary api everytime

use pyjwt
Also this will allow to regenerate the otp automatically just before expiration (if auto is selected)

[pallupz]

Oh I dint know about this. Thank you!

[pallupz]

Hi @aascagarwal - Did you decode the JWT? I seem to be running into InvalidSignatureError

[pallupz]

If you're on Discord, could we have a quick chat sometime? ID: pallupz#5726

[aascagarwal]

jwt.decode(token, options={"verify_signature": False})

[pallupz]

algorithm?

[pallupz]

oh wait.. got it

[aascagarwal]

decoded = jwt.decode(token, options={"verify_signature": False})
print(decoded)
mobile = str(decoded['mobile_number'])
startTime = datetime.datetime.fromtimestamp(decoded['iat'])
d1 = (datetime.datetime.now() + datetime.timedelta(minutes=15)).replace(microsecond = 0)
print(d1)
print(startTime)

    difference = (d1 - startTime).total_seconds() / 60
    print(difference)

[pallupz]

when I encode it back, I am not getting the same result

[aascagarwal]

that's because, you need the signature..
you can put the expiration logic as intended, this was just a dummy I wrote to verify.
Relying on the this might be an issue, as cowin now logs out abruptly if any other session is working or number of requests are more, hence beneficiary check would still be a better fail safe

[pallupz]

yea.. so at the moment, we can at best only predict when this will expire?

[pallupz]

no way to generate the next token, I assum

[aascagarwal]

I have not tried that, but mostly no

[pallupz]

yea - I tried with different things for keys, but nothing has worked so far. and that'd be a dumb design anyway. was hoping maybe devs made a mistake somewhere.