search

ToastShaman / dropwizard-auth-jwt

A Dropwizard authentication filter using JSON Web Token (JWT)
Apache License 2.0
116 stars 50 forks source link

Needs comprehensive javadoc #3

Closed flavor8 closed 9 years ago

flavor8 commented 9 years ago

For example, in the builder it's not clear what these methods do.

    public Builder exp(DateTime time) {
        checkNotNull(time);
        this.exp = time.getMillis() / 1000;
        return this;
    }

    public Builder iat(DateTime time) {
        checkNotNull(time);
        this.iat = time.getMillis() / 1000;
        return this;
    }

    public Builder nbf(DateTime time) {
        checkNotNull(time);
        this.nbf = time.getMillis() / 1000;
        return this;
    }
ToastShaman commented 9 years ago

@flavor8 Hi, I totally agree these methods should have some Javadoc attached to it. The whole code base could do with better documentation, especially if I am going to publish it to Maven Central. I'll write some better documentation the next week or so. In the meantime: these method names come straight off the JWT draft.

iat: Issued-at time. Contains the UTC Unix time at which this token was issued.

exp: Expiration time. It contains the UTC Unix time after which you should no longer accept this token. It should be after the issued-at time.

nbf: The nbf (not before) claim identifies the time before which the JWT MUST NOT be accepted for processing.

[1] https://developer.atlassian.com/static/connect/docs/concepts/understanding-jwt.html [2] http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#RegisteredClaimName