Missing expiration date from Bearer

[coletz]

I'm using the authentication middleware to check if a bearer token is valid and everything is working as expected, but I can't find a way to check for its "expires_in" parameter (that is not mandatory but recommended from the standard). Is it possible to add a customizable variable that will check against expiration_date and return a 401 if the token is not valid anymore? Or should I do this check somewhere else?

[0xTim]

@coletz to echo what I said in Slack - expiration date is not implemented (which standard are you referring to by the way?). To make it work your Token object needs an expires_in property which you can then query with a custom middleware

[coletz]

As you've explained in slack, it's enough to implement a custom TokenAuthenticationMiddleware similar to the one that can be found in TokenAuthenticatable.swift and check on my own for the expiration date. Thanks!
(anyway I was talking about oauth)

[0xTim]

@coletz ah if you want to use OAuth that is definitely something that the Auth package doesn't include. Luckily I've written it 😁 https://github.com/brokenhandsio/vapor-oauth