Different kinds of tokens have a requirement for a limited time window for which the signature should be valid.
The base class for tokens which are issued for a limited time window. It knows the issuance date (iat, a date from (srfi srfi-19)), and the expiration date (iat, a date from (srfi srfi-19)).
Similarly to the base token type, you can construct one by specifying its arguments, or create one from a pair of alists.
#:signing-keyis required to construct the base token;
#:iatspecifies the issuance date. It defaults to the current date;
#:expspecifies the expiration date. If it is not set, the value will be computed from iat and validity;
#:validityis used when the expiration date is not known in advance. It is a number of seconds. For a DPoP proof, the value should be around 30 seconds. For an access token, a good value is in the ballpark of 3600 seconds (an hour). Defaults to 3600 seconds, but be aware that for single-use tokens, this value will be ignored and replaced with a much shorter time.
The main point of this class is to provide a stricter token validation
function. You can customize the current date by passing
#:current-date ... as keyword arguments to
... would be replaced with a time or date.
Return the default validity as a number of seconds to construct
#f if an explicit
Check whether we should trust the JWT exp field when constructing token. DPoP proofs should not be able to fill our cache with infinitely-valid proofs, so it is disabled for DPoP proofs.
Return the signature date of token, as a srfi-19 date.
Return the expiration date of token, as a srfi-19 date.
An exception of type
&signed-in-future is raised when the
current date is before the alleged signature date. Since the signing
entity and the verifier entity may not be on the same system, the
clocks may be slightly out of synchronization, so a margin of 5
seconds is usually accepted.
An exception of type
&expired indicates that the signature is
no longer valid.
Constructors for the
Check whether exception was raised because of a date mismatch.
If exception was raised because of a date mismatch, return the signature, expiration or current date.