Signing... with an expiration date #27
Comments
It seems we should wait for the merging of rails/rails#16462 although we can implement this like http://api.rubyonrails.org/classes/ActiveSupport/MessageVerifier.html , right? |
That PR needs more work, so it may take some time. We could implement it here, much like we're handling |
@jeremy Good idea. I'd like to work on this cause if my purpose PR can be merged :) |
Besides expires_in, should we implement expires_at too? |
👍 to |
@jeremy But I have a question: If we accept both |
@tony612 Passing both... shouldn't happen. Suppose an explicit |
If you want, you can push those tests to a branch which I can rebase off of. Kasper
|
@kaspth It doesn't matter, I'll review your code and give some feedback if I find something 😃 |
@tony612 Sweet! ❤️ |
Implemented by @kaspth ❤️ |
cool!! |
Sweet! Thanks, @jeremy ❤️ |
Once we can sign with purpose, we'll also want to be explicit about how long the signed Global ID is valid. It needs an expiration date!
See the work in progress on expiration @ rails/rails#16462 - they can use some help on this as well ❤️
We'll want to be able to pass `:expires_in` or `:expires_at` when we create signed Global IDs. When we parse a sgid, we'll rely on the MessageVerifier to raise when it's past the expiration date. We'll have to rescue that error and return `nil`.

Furthermore, we'll want expiration by default, so we'll never inadvertently send out forever-valid signed Global IDs. So, `SignedGlobalID.expires_in = 1.month` for example, and expose `config.global_id.expires_in = ...` to the Railtie. Allow passing `expires_in: nil` to override and use no expiry.
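The behaviour requested in the issue description above, as an added sketch that is not code from the globalid project or Rails: a token that expires by default, can opt out with `expires_in: nil`, and verifies to `nil` when expired or tampered with. The class name `ExpiringSigner`, the token layout, and the use of plain HMAC-SHA256 instead of `ActiveSupport::MessageVerifier` are assumptions, as is letting an explicit `expires_at` take precedence over `expires_in`.

```ruby
require "openssl"
require "json"

# Hypothetical stand-in for a signed Global ID signer (not the gem's API).
class ExpiringSigner
  DEFAULT_EXPIRES_IN = 30 * 24 * 3600 # seconds; stands in for the proposed 1.month default

  def initialize(secret, default_expires_in: DEFAULT_EXPIRES_IN)
    @secret = secret
    @default_expires_in = default_expires_in
  end

  # Omitting expires_in applies the default; expires_in: nil means no expiry.
  # Assumption: an explicit expires_at wins over expires_in.
  def sign(gid, expires_in: @default_expires_in, expires_at: nil, now: Time.now)
    expires_at ||= (now + expires_in if expires_in)
    json = JSON.generate("gid" => gid, "exp" => expires_at&.to_i)
    payload = [json].pack("m0") # strict base64, never contains "."
    "#{payload}.#{digest(payload)}"
  end

  # Returns the gid, or nil for a malformed, tampered or expired token.
  # The expiry lives inside the signed payload, so it cannot be extended
  # without invalidating the MAC.
  def verify(token, now: Time.now)
    payload, mac = token.to_s.split(".", 2)
    return nil unless payload && mac && secure_compare(mac, digest(payload))
    data = JSON.parse(payload.unpack1("m0"))
    exp = data["exp"]
    return nil if exp && now.to_i >= exp
    data["gid"]
  rescue JSON::ParserError, ArgumentError
    nil
  end

  private

  def digest(payload)
    OpenSSL::HMAC.hexdigest("SHA256", @secret, payload)
  end

  # Constant-time comparison so the MAC check does not leak a matching prefix.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

The `now:` parameter exists only so expiry can be checked deterministically in tests.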