Consider updating iat as default behavior on sign.
#28
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
For singing, when
iatis present (not empty) inpay, automatically populate withtime.Now().Unix().For implementation, a global can configure the behavior. Something like
UpdateIat:truewhich can then be set to false.This follows the behavior of the online tool, which defaults to updating
iat, but is configurable using a toggle (and can be set using a URL parameter as well).For example,
{ "msg": "Coze Rocks", "alg": "ES256", "iat": 1623132000, "tmb": "cLj8vsYtMBwYkzoFVZHBZo6SNL8wSdCIjCKAwXNuhOk", "typ": "cyphr.me/msg" }would be update to:
{ "msg": "Coze Rocks", "alg": "ES256", "iat": 1730065126, "tmb": "cLj8vsYtMBwYkzoFVZHBZo6SNL8wSdCIjCKAwXNuhOk", "typ": "cyphr.me/msg" }As best practice when setting values on a new struct, to signify that
iatshould be populated with a new value in the future on signing, the value0should be used to denote the explicit intention to trigger an update.(As as minor aside, the value
1may be considered over0. This would be done in hopes neophytes unfamiliar with the semantics ofomitemptydon't anticipateiat's removal when zero. My perspective is that following idiomatic Go is better;omitemptywill only omit an integer value when the pointer value isnil. The zero value0is non-empty. Also, the value1also has meaning torvk, which could be confusing.)Alternatively, as it stands now,
iatmust be manually set. A line likepay.Iat = time.Now().Unix()is found all throughout Cyphr.me's codebase. This change would allow omitting that line, asint64is not an uninitialized pointer in typeCozeso it will be populated with the current timestamp.The text was updated successfully, but these errors were encountered: