【Posted】: 2020-04-11 16:12:54
【Question】:
I'm trying to add an expiry time to a JWE that I generate with the jwcrypto library in the following way
from jwcrypto import jwe, jwk, jwt
from datetime import datetime, timedelta
import time
# create JWK from existing key
jwk_str = '{"k":"29Js2yXM6P_4v9K1mHDlYVHw8Xvm_GEhvMTvKTRLRzY","kty":"oct"}'
jwk_key = jwk.JWK.from_json(jwk_str)
# calculate expiry time
d = datetime.now() + timedelta(seconds=5)
epoch = datetime.utcfromtimestamp(0)
total_seconds = (d - epoch).total_seconds()
# Add exp to the claims
claims={"exp": total_seconds, "sub": "Some random payload"}
print(claims)
jwttoken = jwt.JWT(header={"alg": "A256KW", "enc": "A256CBC-HS512"}, claims=claims)
jwttoken.make_encrypted_token(jwk_key)
jwetokenstr = jwttoken.serialize()
print(jwetokenstr)
# wait for 10 seconds to cross the expiry time
time.sleep(10)
jwttoken = jwt.JWT()
jwttoken.deserialize(jwetokenstr, jwk_key) # Ideally this line should fail as expiry is reached but it doesn't
print(jwttoken.claims)
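I am getting the payload, but the expiry claim is not read and it does not fail on expiry. What am I doing wrong?
【Discussion】:
-
Please show the exact value of exp in the payload. I don't know this library, but usually expiration does not fail in the very second written in exp. It could even take 5 minutes, depending on the clock skew setting
-
@jps: Yes, I think there is a default leeway of 60 seconds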