search

authenticvision / libpaseto

C implementation of Platform-Agnostic Security Tokens (PASETO)
https://paseto.io
BSD 3-Clause "New" or "Revised" License
22 stars 2 forks source link

set expiration #6

Closed kounelios13 closed 5 years ago

kounelios13 commented 5 years ago

Hello. I was wondering if there is the posibility to specify the exp time on a token

minus7 commented 5 years ago

The library just takes care of encoding the token. It doesn't know about the high-level PASETO protocol/JSON fields. You are responsible for that content. It technically doesn't even require you to store JSON in the token.

kounelios13 commented 5 years ago

Oh ok I understand. Do you have any example of how I could achieve something like that?I want to be able to set custom expiration time for my tokens. Thank you

minus7 commented 5 years ago

Just create the JSON content according to the payload documentation with an exp claim (the library doesn't help you with that), then encrypt/sign it with paseto_v2_local_encrypt/paseto_v2_local_sign.

kounelios13 commented 5 years ago

So i will nee to manually add the "iat" and "exp" claims correct?And during the verification process I should manually compare the dates ?

minus7 commented 5 years ago

To check expiration only exp is relevant, but best check the official documentation. When using this library, it's your responsibility to check the expiration dates, yes. Again, this library doesn't understand the JSON content. To parse the JSON in C you need something like json-c.