Apigee: modify time format generated in the token (generate token policy)

How can I modify the format of the date in the expiresin claim in the generatetoken policy?

For example:

<ExpiresIn>2m</ExpiresIn>

This claim generates a datetime in seconds inside the token, like this:

1665496447

And I would like to have it in the token in ms format, like this:

1665494999893

I need to do this because the backend doesn't accept expiresin vars in seconds, and so I am getting an error claim. How can I change the format in the policy (generate token), if possible? If not, what solutions do you suggest, please?

 

1 ACCEPTED SOLUTION

> in generatetoken policy

What specific policy are you referring to? If you are referring to the GenerateJWT policy, and specifically the exp claim within the generated token, that policy generates a JWT. The JWT spec describes the format of the exp claim, stating that it is a number, which expresses the seconds-since-epoch for expiry. There’s no way to get the GenerateJWT policy to emit a value for exp expressed as a milliseconds quantity.

Any system that validates a JWT MUST treat the exp claim as a seconds quantity. In light of that, in my opinion the only reason to want to do such a thing - to generate a misformatted JWT in the way you describe - is to subvert security. So I guess if you’re a hacker or a red team member, you would have a reason to try to do this. But you will not want to do this if you are simply solving a business problem.

Which one are you? Hacker or red team?

> the backend doesn't accept expiresin vars in seconds and

I suggest you fix that backend system! It’s wrong.

Good luck, I guess.
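An added example, not part of the original answer or of Apigee's own code: a verifier-side exp check in JavaScript that reads the claim as seconds and rejects the milliseconds value from the question through a lifetime cap. The names `checkExp`, `decodePayload`, `makeSampleToken`, `MAX_LIFETIME_SECONDS` and `CLOCK_SKEW_SECONDS` are assumptions made for illustration, and the sample tokens are constructed.

```javascript
// exp handling with the claim read as seconds-since-epoch (JWT NumericDate).
// Both limits below are assumed policy values, not taken from the page.
const MAX_LIFETIME_SECONDS = 24 * 60 * 60; // longest lifetime this verifier accepts
const CLOCK_SKEW_SECONDS = 60;             // tolerated clock drift

// Decode the payload segment of a compact JWT. Signature verification is
// out of scope here and must succeed before any claim is trusted.
function decodePayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  // Node's base64 decoder also accepts the URL-safe alphabet.
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}

// Returns { ok, reason } for the exp claim at time nowSeconds.
function checkExp(payload, nowSeconds) {
  const exp = payload.exp;
  if (typeof exp !== 'number' || !Number.isFinite(exp)) {
    return { ok: false, reason: 'exp missing or not a number' };
  }
  if (exp + CLOCK_SKEW_SECONDS <= nowSeconds) {
    return { ok: false, reason: 'expired' };
  }
  // A milliseconds value read as seconds lands tens of thousands of years
  // ahead, so the lifetime cap rejects it instead of accepting it silently.
  if (exp - nowSeconds > MAX_LIFETIME_SECONDS + CLOCK_SKEW_SECONDS) {
    return { ok: false, reason: 'exp too far in the future' };
  }
  return { ok: true, reason: 'valid' };
}

// Constructed sample token: placeholder signature, for the exp check only.
function makeSampleToken(exp) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc({ sub: 'sample', exp })}.constructed-signature`;
}

// Two minutes before the seconds value quoted in the question.
const sampleNow = 1665496447 - 120;
for (const exp of [1665496447, 1665494999893]) {
  console.log(exp, checkExp(decodePayload(makeSampleToken(exp)), sampleNow).reason);
}
```

Without the lifetime cap, a verifier that reads exp as seconds would treat the milliseconds value as a token that effectively never expires.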
