Closed coletz closed 6 years ago
0xTim
commented
6 years ago @coletz to echo what I said in Slack - expiration date is not implemented (which standard are you referring to by the way?). To make it work your Token object needs an expires_in property which you can then query with a custom middleware
coletz
commented
6 years ago As you've explained in slack, it's enough to implement a custom TokenAuthenticationMiddleware similar to the one that can be found in TokenAuthenticatable.swift and check on my own for the expiration date. Thanks!
(anyway I was talking about oauth)
0xTim
commented
6 years ago @coletz ah if you want to use OAuth that is definitely something that the Auth package doesn't include. Luckily I've written it 😁 https://github.com/brokenhandsio/vapor-oauth
I'm using the authentication middleware to check if a bearer token is valid and everything is working as expected, but I can't find a way to check for its "expires_in" parameter (that is not mandatory but recommended from the standard). Is it possible to add a customizable variable that will check against expiration_date and return a 401 if the token is not valid anymore? Or should I do this check somewhere else?