I have JWT token generation code that sets the token's expiration time:

```php
// Configures the time that the token can be used (nbf claim)
->canOnlyBeUsedAfter($now->modify('+10 minutes'))
// Configures the expiration time of the token (exp claim)
->expiresAt($now->modify('+10 minutes'))
```

and I am trying to validate if the token is not expired using this code:

```php
$validator->assert($token, new ValidAt(new FrozenClock(new DateTimeImmutable('now'))));
```

but it's not working. How do I validate that this token is not expired right now?

EDIT

```php
if ($token->isExpired(new DateTimeImmutable('now'))) {
    return false;
}
```

Is this a good idea?
Replies: 1 comment
```php
canOnlyBeUsedAfter($now->modify('+10 minutes'))
```

that invalidates the token until 10 minutes have passed. Then it becomes valid. But...

```php
expiresAt($now->modify('+10 minutes'))
```

it is invalid in 10 minutes, and I doubt you'd be able to find the microsecond (there is some leeway time config available to adjust non-synchronized clocks, but let's not consider that for now) where the code would consider the token valid.

"canOnlyBeUsedAfter" is to prevent tokens from being used before they become valid, so if a token is created in advance for some token rotation scheme, that would be a valid reason maybe to put a time of the future in.

In your case, put in exactly NOW, the token is valid the very second it is created.
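The two schedules discussed in this thread, checked at fixed instants. This is an added example, not code from the thread or from the library's authors. It assumes lcobucci/jwt 4.1 or later with lcobucci/clock installed through Composer, and uses `LooseValidAt`, the successor to the `ValidAt` constraint shown in the question; the helper names `issue` and `validAt`, the key and the timestamp are constructed for the demonstration.

```php
<?php
// Added example: compares the nbf/exp schedule from the question with the one from the reply.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php'; // assumption: dependencies installed with Composer

use Lcobucci\Clock\FrozenClock;
use Lcobucci\JWT\Configuration;
use Lcobucci\JWT\Signer\Hmac\Sha256;
use Lcobucci\JWT\Signer\Key\InMemory;
use Lcobucci\JWT\Token;
use Lcobucci\JWT\Validation\Constraint\LooseValidAt;

// Throwaway demo key (constructed here); a real service loads its secret from configuration.
$config = Configuration::forSymmetricSigner(new Sha256(), InMemory::plainText(random_bytes(32)));

// Hypothetical helper: issue a token whose exp is now + 10 minutes and whose nbf is now + $nbfOffset.
function issue(Configuration $config, DateTimeImmutable $now, string $nbfOffset): Token
{
    return $config->builder()
        ->issuedAt($now)
        ->canOnlyBeUsedAfter($now->modify($nbfOffset))
        ->expiresAt($now->modify('+10 minutes'))
        ->getToken($config->signer(), $config->signingKey());
}

// Hypothetical helper: evaluate iat/nbf/exp against a clock frozen at $at.
// validate() returns a bool; assert() would throw on failure instead.
function validAt(Configuration $config, Token $token, DateTimeImmutable $at): bool
{
    return $config->validator()->validate($token, new LooseValidAt(new FrozenClock($at)));
}

$now = new DateTimeImmutable('2024-01-01 12:00:00 UTC'); // constructed instant

$schedules = [
    'nbf = exp = now + 10 min (question)' => issue($config, $now, '+10 minutes'),
    'nbf = now, exp = now + 10 min (reply)' => issue($config, $now, '+0 minutes'),
];

foreach ($schedules as $label => $token) {
    echo $label, PHP_EOL;
    foreach (['+0 minutes', '+5 minutes', '+11 minutes'] as $offset) {
        $ok = validAt($config, $token, $now->modify($offset));
        printf("  at now %-12s %s%s", $offset, $ok ? 'accepted' : 'rejected', PHP_EOL);
    }
}
```

The schedule from the question is rejected at all three instants, because the token is not yet usable before the 10-minute mark and already expired after it; the schedule from the reply is accepted at issuance and at 5 minutes, and rejected at 11 minutes.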