Signing... with an expiration date
jeremy opened this issue · comments
Once we can sign with purpose, we'll also want to be explicit about how long the signed Global ID is valid. It needs an expiration date!
See the work in progress on expiration @ rails/rails#16462 - they can use some help on this as well ❤️
We'll want to be able to pass :expires_in or :expires_at when we create signed Global IDs. When we parse a sgid, we'll rely on the MessageVerifier to raise when it's past the expiration date. We'll have to rescue that error and return nil.
Furthermore, we'll want expiration by default, so we'll never inadvertently send out forever-valid signed Global IDs. So, SignedGlobalID.expires_in = 1.month for example, and expose config.global_id.expires_in = ... to the Railtie. Allow passing expires_in: nil to override and use no expiry.
It seems we should wait for the merging of rails/rails#16462 although we can implement this like http://api.rubyonrails.org/classes/ActiveSupport/MessageVerifier.html , right?
That PR needs more work, so it may take some time. We could implement it here, much like we're handling purpose, and port it to use MessageVerifier support when it's available.
@jeremy Good idea. I'd like to work on this cause if my purpose PR can be merged :)
Besides expires_in, should we implement expires_at too?
👍 to expires_at, yes. But only expires_in for the global defaults 😁
@jeremy But I have a question: If we accept both expires_at and expires_in, which one should we use?
@tony612 Passing both... shouldn't happen. Suppose an explicit :expires_at should take precedence.
If you want, you can push those tests to a branch which I can rebase off of.
We're gonna need @jeremy to create a branch on the main repo, which you can PR against.
Kasper
On 22/08/2014 at 02.29, Tony Han notifications@github.com wrote:
@jeremy Glad to see @kaspth has done much work. I'll stop my work though I just wrote the tests yesterday.
@kaspth It doesn't matter, I'll review your code and give some feedback if I find something 😃
@tony612 Sweet! ❤️
Implemented by @kaspth ❤️
cool!!
Sweet! Thanks, @jeremy ❤️
I'll follow the rails issue and keep giving feedback there.
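The behaviour agreed in this thread (expiry by default, expires_in: nil to opt out, an explicit expires_at taking precedence, and nil for an expired token) sketched as an added example; it is not the globalid gem's code or anything posted in the issue. ExpiringSigner, SECRET, the 30-day default and the token layout are assumptions made for illustration, using only Ruby's standard library.

```ruby
require "openssl"
require "json"
require "time"

# Hypothetical stand-in for the signed Global ID behaviour discussed above.
module ExpiringSigner
  SECRET = "constructed-demo-secret"    # constructed key, for the example only
  DEFAULT_EXPIRES_IN = 30 * 24 * 3600   # stands in for "1.month", in seconds

  module_function

  # An explicit :expires_at wins; expires_in: nil means no expiry at all.
  def pick_expiration(now, opts)
    return opts[:expires_at] if opts[:expires_at]
    expires_in = opts.fetch(:expires_in, DEFAULT_EXPIRES_IN)
    expires_in && now + expires_in
  end

  # The expiry travels inside the signed payload, so it cannot be extended
  # without invalidating the MAC.
  def sign(gid, now: Time.now, **opts)
    expires_at = pick_expiration(now, opts)&.getutc&.iso8601
    data = [JSON.generate("gid" => gid, "expires_at" => expires_at)].pack("m0")
    "#{data}--#{mac(data)}"
  end

  # Returns the gid, or nil for a malformed, tampered or expired token.
  def parse(token, now: Time.now)
    data, digest = token.to_s.split("--", 2)
    return nil unless data && digest
    return nil unless OpenSSL.secure_compare(mac(data), digest)
    payload = JSON.parse(data.unpack1("m0"))
    expires_at = payload["expires_at"]
    return nil if expires_at && Time.iso8601(expires_at) <= now
    payload["gid"]
  rescue ArgumentError, JSON::ParserError
    nil
  end

  def mac(data)
    OpenSSL::HMAC.hexdigest("SHA256", SECRET, data)
  end
end
```

The MAC is checked before the payload is decoded, so the expiry comparison only ever runs on data the signer produced.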