how can i modify the format of the date in expiresin claim in generatetoken policy
for example
<ExpiresIn>2m</ExpiresIn>
this claim genrates a datetime in seconds inside the token:
like this:
1665496447
and i would like to have it in the token in ms format like this:
1665494999893
i need to do this cause the backend dosen't accepts expiresin vars in seconds and so i am getting error claim, how can i change the format in policy (genrate token) if possible ? if not what solutions do you suggests pls ?
Solved! Go to Solution.
> in generatetoken policy
what specific policy are you referring to? If you are referring to the GenerateJWT policy, and specifically the exp claim within the generated token, that policy generates a JWT. The JWT spec describes the format of the exp claim, stating that it is a number, which expresses the seconds-since-epoch for expiry. There’s no way to get the GenerateJWT policy to emit a value for exp and expressed as a milliseconds quantity.
Any system that validates a JWT MUST treat the exp claim as a seconds quantity. in light of that, in my opinion the only reason to want to do such a thing - to generate a misformatted JWT in the way you describe - is to subvert security. So I guess if you’re a hacker or a red team member , you would have a reason to try to do this. But you will not want to do this if you are simply solving a business problem.
which one are you? Hacker or red team?
> the backend dosen't accepts expiresin vars in seconds and
I suggest you fix that backend system! It’s wrong.
good luck, I guess.
> in generatetoken policy
what specific policy are you referring to? If you are referring to the GenerateJWT policy, and specifically the exp claim within the generated token, that policy generates a JWT. The JWT spec describes the format of the exp claim, stating that it is a number, which expresses the seconds-since-epoch for expiry. There’s no way to get the GenerateJWT policy to emit a value for exp and expressed as a milliseconds quantity.
Any system that validates a JWT MUST treat the exp claim as a seconds quantity. in light of that, in my opinion the only reason to want to do such a thing - to generate a misformatted JWT in the way you describe - is to subvert security. So I guess if you’re a hacker or a red team member , you would have a reason to try to do this. But you will not want to do this if you are simply solving a business problem.
which one are you? Hacker or red team?
> the backend dosen't accepts expiresin vars in seconds and
I suggest you fix that backend system! It’s wrong.
good luck, I guess.