Fixes #37737 - expiration registration url param #10278
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
What do you think about adding it as claim exp in epoch format? Wouldn't that be more straight forward? |
|
It seems to be encoded to the token already: foreman/app/services/jwt_token.rb Line 22 in 4f562db |
|
I just realized the token does contain expiration: There is some extra data appended to it tho. Can someone explain? Is this according to JWT spec? Anyway, this can be used for expiration. No need for a new param. |
|
Asked on Slack. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Registration command does not show the expiration in any form, I would like to add this information into unused URL parameter as UNIX UTC epoch so consumers can tell if an existing registration command is expected to work on not.
We would like to bake this information into images created by image builder so users can tell if images are already expired and need to be rebuilt.
JWT spec specifies expiration it is relative tho which is not too useful for our use case. From what I saw, Foreman does not add any JWT expiration into the JSON.
I do not have development setup anymore, trying out blindly to see which tests will scream for an update.