Next: , Previous: , Up: The Json Web Token   [Contents][Index]


8.3 Date verification for tokens

Different kinds of tokens have a requirement for a limited time window for which the signature should be valid.

Class: <time-bound-token> (<token>) iat exp

The base class for tokens which are issued for a limited time window. It knows the issuance date (iat, a date from (srfi srfi-19)), and the expiration date (iat, a date from (srfi srfi-19)).

Similarly to the base token type, you can construct one by specifying its arguments, or create one from a pair of alists.

The main point of this class is to provide a stricter token validation function. You can customize the current date by passing #:current-date ... as keyword arguments to decode. ... would be replaced with a time or date.

Generic: default-validity token

Return the default validity as a number of seconds to construct token, or #f if an explicit #:validity is required.

Generic: has-explicit-exp? token

Check whether we should trust the JWT exp field when constructing token. DPoP proofs should not be able to fill our cache with infinitely-valid proofs, so it is disabled for DPoP proofs.

Generic: iat token

Return the signature date of token, as a srfi-19 date.

Generic: exp token

Return the expiration date of token, as a srfi-19 date.

Exception type: &signed-in-future signature-date current-date
Exception type: &expired expiration-date current-date

An exception of type &signed-in-future is raised when the current date is before the alleged signature date. Since the signing entity and the verifier entity may not be on the same system, the clocks may be slightly out of synchronization, so a margin of 5 seconds is usually accepted.

An exception of type &expired indicates that the signature is no longer valid.

function: make-signed-in-future signature-date current-date
function: make-expired expiration-date current-date

Constructors for the &signed-in-future and &expired exception types.

function: signed-in-future? exception
function: expired? exception

Check whether exception was raised because of a date mismatch.

function: error-signature-date exception
function: error-expiration-date exception
function: error-current-date exception

If exception was raised because of a date mismatch, return the signature, expiration or current date.


Next: , Previous: , Up: The Json Web Token   [Contents][Index]