Signing... with an expiration date #27
Comments
|
It seems we should wait for the merging of rails/rails#16462 although we can implement this like http://api.rubyonrails.org/classes/ActiveSupport/MessageVerifier.html , right? |
|
That PR needs more work, so it may take some time. We could implement it here, much like we're handling |
|
@jeremy Good idea.I'd like to work on this cause if my purpose PR can be merged :) |
|
Besides expires_in, should we implement expires_at too? |
|
👍 to |
|
@jeremy But I have a question: If we accepts both |
|
@tony612 Passing both... shouldn't happen. Suppose an explicit |
|
If you want, you can push those tests to a branch which I can rebase off of. Kasper
|
|
@kaspth It doesn't matter, I'll review your code and give some feedback if I find something 😃 |
|
@tony612 Sweet! ❤️ |
|
Implemented by @kaspth ❤️ |
|
cool!! |
|
Sweet! Thanks, @jeremy ❤️ |
Once we can sign with purpose, we'll also want to be explicit about how long the signed Global ID is valid. It needs an expiration date!
See the work in progress on expiration @ rails/rails#16462 - they can use some help on this as well ❤️
We'll want to be able to pass
:expires_inor:expires_atwhen we create signed Global IDs. When we parse a sgid, we'll rely on the MessageVerifier to raise when it's past the expiration date. We'll have to rescue that error and returnnil.Furthermore, we'll want expiration by default, so we'll never inadvertently send out forever-valid signed Global IDs. So,
SignedGlobalID.expires_in = 1.monthfor example, and exposeconfig.global_id.expires_in = ...to the Railtie. Allow passingexpires_in: nilto override and use no expiry.The text was updated successfully, but these errors were encountered: