Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Token handling after discovery #6

Open
apeters1971 opened this issue Aug 10, 2021 · 1 comment
Open

Token handling after discovery #6

apeters1971 opened this issue Aug 10, 2021 · 1 comment

Comments

@apeters1971
Copy link

Could you add some section in the document how to handle usage of a token after discovery.
If I find a token under a given path, how long is it usable as is? Is the assumption to reload the token for each request, reload the token file whenever it got modified. Is the assumption to refresh token inside the application or are file based token always refreshed by external third-party applications. If the token file disappears and I had loaded it, what I am supposed to do?

@DrDaveD
Copy link
Contributor

DrDaveD commented Aug 11, 2021

This document doesn't make any assumptions about the contents of the token so I don't think it's possible to determine how long it is usable. If an application knows that the token is a JWT it can decode it and look at the exp claim.

Determinations about the long term use of a token is application-dependent and probably doesn't belong in this document, I don't think. We could discuss recommendations for your questions, but this is probably not the right forum for it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants