vapor / auth

👤 Authentication and Authorization framework for Fluent.
53 stars 34 forks source link

Missing expiration date from Bearer #27

Closed coletz closed 6 years ago

coletz commented 6 years ago

I'm using the authentication middleware to check if a bearer token is valid and everything is working as expected, but I can't find a way to check for its "expires_in" parameter (that is not mandatory but recommended from the standard). Is it possible to add a customizable variable that will check against expiration_date and return a 401 if the token is not valid anymore? Or should I do this check somewhere else?

0xTim commented 6 years ago

@coletz to echo what I said in Slack - expiration date is not implemented (which standard are you referring to by the way?). To make it work your Token object needs an expires_in property which you can then query with a custom middleware

coletz commented 6 years ago

As you've explained in slack, it's enough to implement a custom TokenAuthenticationMiddleware similar to the one that can be found in TokenAuthenticatable.swift and check on my own for the expiration date. Thanks! (anyway I was talking about oauth)

0xTim commented 6 years ago

@coletz ah if you want to use OAuth that is definitely something that the Auth package doesn't include. Luckily I've written it 😁 https://github.com/brokenhandsio/vapor-oauth