How to calculate JWT expiry time and cache the same.

I am receiving a JWT token in a header. I have to cache the token after calculating the expiry time, and the remaining time should be set as the expiry time in the cache. How can I do it in Apigee?


I am not clear on the requirement there.

When you receive a JWT token, what's encoded inside of the token already includes its expiry time. I tried to understand your question a number of times, but I can't make out what's needed with the cache and the requirement for remaining time.

In any case, it sounds like there are 2 primary policies that you can make use of

  1. Cache the token => use PopulateCache policy [1]
  2. Decode the JWT token for its expiry time => use DecodeJWT policy [2].

Then you can access the expiry time of that token via variable `jwt.{policy_name}.claim.expiry`

Go through the 4-minute video [3] where you can see a DecodeJWT policy in action.

[1] https://docs.apigee.com/api-platform/reference/policies/populate-cache-policy

[2] https://docs.apigee.com/api-platform/reference/policies/decode-jwt-policy

[3] https://docs.apigee.com/api-platform/reference/policies/decode-jwt-policy#video

Thanks Brendan for your kind reply.

Let me elaborate more. I am receiving a JWT token in my request (Authorization header), and after validating that it is a valid token I want to cache the token so that next time the token can be retrieved from the cache. My doubt here is: I can get the expiry time from `jwt.{policy_name}.claim.expiry`, but how will I synchronize the expiry time with respect to the current time, so that if the token has expired as per claim.expiry the request should not go to the cache?

As Brendan said, there is a variable like `jwt.{policy_name}.claim.expiry` that gives the absolute time (Seconds since epoch) of the expiry of the JWT.

If you want to cache something, the PopulateCache policy takes a RELATIVE time; in other words, the number of seconds to cache the item. So the .claim.expiry context variable won't be directly usable for that purpose. To get the relative time you would need to subtract the current time (in seconds since epoch) from .claim.expiry, to arrive at the number of seconds remaining on the JWT. And you could use that for the expiry in the policy.

Helpfully, the DecodeJWT and VerifyJWT policies perform that arithmetic for you.

Either of those policies will populate a ".seconds_remaining" variable. You can use that as the time-to-live for the cache.

```xml
<PopulateCache name='PC-1'>
  <!-- ... -->
  <Source>jwtvariable</Source>
  <CacheKey>
    <Prefix>cachedjwt</Prefix>
    <KeyFragment ref="whateveryoulike"/>
  </CacheKey>
  <ExpirySettings>
    <!-- Relative TTL in seconds, populated by DecodeJWT / VerifyJWT -->
    <TimeoutInSec ref="jwt.POLICYNAME.seconds_remaining"/>
  </ExpirySettings>
</PopulateCache>
```

Keep in mind that not all JWT have an exp claim; not all JWT expire. So you may want to include in your proxy flow logic, some checks for the expiry claim, and the .seconds_remaining variables. And maybe raise a fault if those variables don't exist.
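
An added example, not part of the replies above and not Apigee's own code: the expiry arithmetic described in the last reply, with the missing-`exp` and already-expired cases handled, written as plain JavaScript that runs in Node. The function names, the `maxTtl` cap and the `margin` are assumptions that go slightly beyond the thread; inside a proxy the `.seconds_remaining` variable already does the subtraction.

```javascript
// Added example, not code from the thread. Plain JavaScript (runs in Node).
// jwtCacheTtl, decodePayload, maxTtl and margin are hypothetical names.

// Decode the payload segment of a compact JWT. This does NOT verify the
// signature: call it only on a token that has already been verified.
function decodePayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const claims = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  if (claims === null || typeof claims !== 'object') throw new Error('bad payload');
  return claims;
}

// Decide whether a verified token may be cached, and for how many seconds.
// exp is a NumericDate: seconds since epoch (RFC 7519).
function jwtCacheTtl(token, nowSeconds, opts) {
  const { maxTtl = 3600, margin = 5 } = opts || {};
  let claims;
  try {
    claims = decodePayload(token);
  } catch (e) {
    return { cache: false, reason: 'malformed' };
  }
  if (typeof claims.exp !== 'number' || !Number.isFinite(claims.exp)) {
    return { cache: false, reason: 'no-exp' }; // never cache without an expiry
  }
  // Subtract a small margin so the cache entry dies before the token does.
  const remaining = Math.floor(claims.exp - nowSeconds) - margin;
  if (remaining <= 0) return { cache: false, reason: 'expired' };
  return { cache: true, ttl: Math.min(remaining, maxTtl) };
}

// Constructed sample token for the demo; the third segment is a
// placeholder, not a real signature.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return enc({ alg: 'HS256', typ: 'JWT' }) + '.' + enc(claims) + '.placeholder';
}

const now = 1700000000; // constructed "current time", seconds since epoch
console.log(jwtCacheTtl(makeSampleToken({ sub: 'a', exp: now + 300 }), now));
console.log(jwtCacheTtl(makeSampleToken({ sub: 'a' }), now));
```

A `cache: false` result corresponds to the fault path the last reply suggests: skip PopulateCache and reject or re-verify the token instead.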