docs: adds an expires field to the bearer token response #676

achingbrain · 2025-04-30T13:43:25Z

Where a bearer token is returned to the client for future use, optionally include an expires field which indicates the latest time that it will be treated as valid.

The server is free to expire tokens at any time so this field is purely advisory.

Fixes #674

Where a bearer token is returned to the client for future use, optionally include an `expires` field which indicates the latest time that it will be treated as valid. The server is free to expire tokens at any time so this field is purely advisory. Fixes #674

http/peer-id-auth.md

MarcoPolo · 2025-05-01T18:10:02Z

http/peer-id-auth.md

@@ -172,6 +172,17 @@ protocol operates as follows:
   Authentication-Info: libp2p-PeerID sig="<base64-signature-bytes>" bearer="<base64-encoded-opaque-blob>"
   ```

+   The server MAY include an `expires` field which contains the expiry time of
+   the bearer token in [ISO-8601](https://www.iso.org/iso-8601-date-and-time-format.html)


I think we should use RFC 3339 instead. It's a subset of ISO 8601 with a focus on simplicity and use over the internet.

In JS, I believe toISOString() is RFC 3339 compliant.

I think that's what I meant. I'm all in favour of simplicity.

http/peer-id-auth.md

p-shahi

Seems good to merge once the revision's updated

achingbrain · 2025-05-28T15:26:30Z

Refs ipshipyard/roadmaps#16

achingbrain requested a review from MarcoPolo April 30, 2025 13:43

github-project-automation bot added this to libp2p Specs Apr 30, 2025

github-project-automation bot moved this to Triage in libp2p Specs Apr 30, 2025

achingbrain commented Apr 30, 2025

View reviewed changes