fusion44 / blitz_api

A management backend for the RaspiBlitz project written in Python / FastAPI
MIT License

fix #262: use seconds for JWT token expiry time #263

Open fusion44 opened 3 months ago

fusion44 commented 3 months ago

refs #262

cstenglein commented 3 months ago

Do not merge yet

The webui refreshes the token based on expiry

If you change that to seconds, it will be interpreted by the webui as ms and will spam the backend non-stop for a new token.

cstenglein commented 3 months ago

In addition, what is the benefit of changing the format to seconds?

fusion44 commented 3 months ago

> In addition, what is the benefit of changing the format to seconds?

I've got the current time from the system as seconds and converted it to milliseconds. I did this for en- and decoding the token. This is somewhat inefficient and was very stupid on my part.

I also learned that the RFC has a registered field called 'exp' for token expiry. The field must be a NumericDate which is measured in seconds since the epoch. More info. If we want, we can rename the access_token to exp which would be the right thing to do according to the JWT RFC.
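
Added example (not part of this PR or the blitz_api code base): a stdlib-only Python sketch of the unit mismatch discussed in this thread. It issues an HS256 token whose `exp` is a NumericDate in seconds and computes the refresh delay a client gets when it reads that value as seconds versus as milliseconds. `SECRET`, `issue_token`, `verify_token` and `refresh_delay_ms` are hypothetical names, and the client logic is an assumed model of a refresh timer, not the webui's actual code.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # constructed value, not from the project

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(header: str, payload: str) -> bytes:
    return hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()

def issue_token(now_s: int, lifetime_s: int) -> str:
    """Sign an HS256 JWT whose exp is in seconds since the epoch (RFC 7519, 4.1.4)."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"exp": now_s + lifetime_s}).encode())
    return f"{header}.{payload}.{_b64(_sign(header, payload))}"

def verify_token(token: str, now_s: int) -> dict:
    """Check the signature first, then reject the token once exp (seconds) has passed."""
    header, payload, sig = token.split(".")
    if not hmac.compare_digest(_sign(header, payload), _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(payload))
    if now_s >= claims["exp"]:
        raise ValueError("token expired")
    return claims

def refresh_delay_ms(exp: int, now_ms: int, exp_unit: str) -> int:
    """Delay before a client refreshes its token; 0 means 'refresh immediately'."""
    exp_ms = exp * 1000 if exp_unit == "s" else exp
    return max(0, exp_ms - now_ms)

if __name__ == "__main__":
    now_s = 1_700_000_000  # constructed timestamp
    token = issue_token(now_s, lifetime_s=300)
    exp = verify_token(token, now_s)["exp"]
    print("exp read as seconds:", refresh_delay_ms(exp, now_s * 1000, "s"), "ms")
    print("exp read as ms:     ", refresh_delay_ms(exp, now_s * 1000, "ms"), "ms")
```

A delay of 0 on every refresh is the non-stop request loop described above, so the backend and client have to switch units in the same release.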