escardin
commented
7 years ago It's seconds in the rfc spec. What benefit do fractional seconds provide?
Closed jbojcic1 closed 7 years ago
escardin
commented
7 years ago It's seconds in the rfc spec. What benefit do fractional seconds provide?
jbojcic1
commented
7 years ago I didn't know it's rfc spec. In that case it's better to just follow the standard.
element533
commented
7 years ago @escardin if you're referring to the JWT RFC (7519), it specifically states fractional seconds are allowed (emphasis mine):
- Terminology ... NumericDate A JSON numeric value representing the number of seconds from 1970-01-01T00:00:00Z UTC until the specified UTC date/time, ignoring leap seconds. This is equivalent to the IEEE Std 1003.1, 2013 Edition [POSIX.1] definition "Seconds Since the Epoch", in which each day is accounted for by exactly 86400 seconds, other than that non-integer values can be represented. See RFC 3339 [RFC3339] for details regarding date/times in general and UTC in particular. ... 4.1.4. "exp" (Expiration Time) Claim ... Its value MUST be a number containing a NumericDate value....
I read this as, "Expiration time must be a POSIX numeric date time value equivalent to IEEE 1003.1 but allowing non-integer values."
escardin
commented
7 years ago @spadfield it also says 'can', not must. If you want ms or finer grained support, patches are welcome, but they will need to look like 86400.000 and not 86400000, based on the rfc.
Personally, I think ms are a waste of time for this scenario. Latency on a mobile phone can easily be measured in seconds on a bad connection. Maybe something internal could get away with fractional second expiry's, but even that doesn't seem particularly practical.
Currently token expiration property is expected to be in seconds but it should support other time units as milliseconds for example