If a JWT provided with a subscription request expires while the subscription is live, then the subscription should not be authorized anymore, and should be closed (there is no mechanism right now to renew a token while in a subscription).
The authentication plugin should store the expiration date, and add an execution plugin that checks the expiration date.
If a JWT expires whilst a subscription is executing, the subscription
should be terminated.
fixes: #3947
---
**Checklist**
Complete the checklist (and note appropriate exceptions) before the PR
is marked ready-for-review.
- [x] Changes are compatible[^1]
- [x] Documentation[^2] completed
- [x] Performance impact assessed and acceptable
- Tests added and passing[^3]
    - [ ] Unit Tests
    - [ ] Integration Tests
    - [x] Manual Tests
**Exceptions**
It's tricky to automatically test token expiration, so I've tested this
feature manually. I used:
https://www.unixtimestamp.com/
https://jwt.io/
to generate timestamps and then JWT tokens using those timestamps as
`exp` claims.
I ran a router configured to support JWT authn and subscription and then
subscribed to a feed using `curl` and ensured my subscription timed out.
Sample output snippet:
```
--graphql
content-type: application/json
{"payload":{"data":{"reviewAdded":{"id":4}}}}
--graphql
content-type: application/json
{}
--graphql
content-type: application/json
{"payload":null,"errors":[{"message":"subscription closed because the JWT has expired","extensions":{"code":"SUBSCRIPTION_JWT_EXPIRED"}}]}
--graphql--
```
**Notes**
[^1]: It may be appropriate to bring upcoming changes to the attention
of other (impacted) groups. Please endeavour to do this before seeking
PR approval. The mechanism for doing this will vary considerably, so use
your judgement as to how and when to do this.
[^2]: Configuration is an important part of many changes. Where
applicable please try to document configuration examples.
[^3]: Tick whichever testing boxes are applicable. If you are adding
Manual Tests, please document the manual testing (extensively) in the
Exceptions.
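
The expiry behaviour described above can be exercised without hand-built tokens. The following is an added example, not code from the PR or the router: it mints a constructed HS256 token with a near-future `exp` and closes a stream with the error shown in the sample output once that time is reached. The secret, the function names (`make_test_jwt`, `verified_exp`, `guard_subscription`) and the event shapes are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(secret, signing_input):
    return _b64url(hmac.new(secret, signing_input.encode(), hashlib.sha256).digest())

def make_test_jwt(secret, lifetime_s, now=None):
    """Mint a constructed HS256 token whose exp is lifetime_s seconds after now."""
    now = time.time() if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64url(json.dumps({"sub": "test-user", "exp": int(now) + lifetime_s}).encode())
    return f"{header}.{claims}.{_sign(secret, header + '.' + claims)}"

def verified_exp(token, secret):
    """Check alg and signature first, then return exp (the value the authn step stores)."""
    header, claims, sig = token.split(".")
    if json.loads(_unb64url(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(_sign(secret, header + "." + claims).encode(), sig.encode()):
        raise ValueError("bad signature")
    return int(json.loads(_unb64url(claims))["exp"])

# Closing message copied from the sample output on this page.
EXPIRED = {"payload": None, "errors": [{
    "message": "subscription closed because the JWT has expired",
    "extensions": {"code": "SUBSCRIPTION_JWT_EXPIRED"}}]}

def guard_subscription(events, exp, clock=time.time):
    """Forward events until the clock reaches exp, then emit EXPIRED and stop.

    The check runs per event (heartbeats included); a server would also need a
    timer so that a fully idle stream is closed at exp.
    """
    for event in events:
        if clock() >= exp:  # RFC 7519: not accepted on or after exp
            yield EXPIRED
            return
        yield event

if __name__ == "__main__":
    secret = b"constructed-test-secret"  # sample value, not a real key
    exp = verified_exp(make_test_jwt(secret, 2), secret)
    feed = ({"payload": {"data": {"reviewAdded": {"id": i}}}} for i in range(100))
    for message in guard_subscription(feed, exp):
        print(json.dumps(message)); time.sleep(0.5)
```

Passing a fake `clock` makes the expiry path deterministic in a unit test, so no real waiting is needed.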