Preferred way to check if a Signed GlobalID is expired?

[aergonaut]

The documentation for Signed Global IDs shows that they can have an expiry date. I know that if the SGID is expired, then trying to use it to locate a record returns nil. But returning nil could also mean that the record indicated by the SGID no longer exists.

Is there a way to specifically tell that the SGID is expired? I see in the code, an ExpiredMessage exception is actually raised, but it is immediately caught and turned into nil.

globalid/lib/global_id/signed_global_id.rb

Lines 32 to 40 in 3ddb0f8

	def verify(sgid, options)
	metadata = pick_verifier(options).verify(sgid)
	raise_if_expired(metadata['expires_at'])
	metadata['gid'] if pick_purpose(options) == metadata['purpose']
	rescue ActiveSupport::MessageVerifier::InvalidSignature, ExpiredMessage
	nil
	end

I could use the SignedGlobalID#verifier to decode the message and then get the expired_at attribute out of the Hash. That seems hacky to me, so I was wondering if there was another way to check for expiration?

Would a PR to add an expired? method to SignedGlobalID be welcome? I'd be happy to work on that.

Thanks!

[fschwahn]

I'd be interested as well - we want to know if & when a globalid expired to show users an info like "this link expired on XXX". Currently we do this manually using SignedGlobalID.verifier. It would be great if an expires_at method could be added in addition to expired?.

[dhh]

I'd take #expired? 👍

[rafaelfranca]

If we want to implement this it need to be in the ActiveSupport::MessageVerifier that is used to globalid to check message

https://github.com/rails/rails/blob/main/activesupport/lib/active_support/message_verifier.rb

The current code here is going to be removed to verify the message is legacy and will be removed. See #107

[ghiculescu]

PR to add to Rails: rails/rails#48820

Once that's merged I can make a PR here to add expired?.