Token generation valid for specific time.

 
Naresh Chaurasia
Ranch Hand
Posts: 361
I want to create a standalone application where I generate a token. This token will be used for authentication purposes. I want to write encoding/decoding code for this token generation. The important part of this token is that it is time-bound, i.e. I should have control that this token is valid for a specified period of time (1 hour or 1 day). Can someone suggest what approach I can use to achieve this?
 
Carles Gasques
Ranch Hand
Posts: 199
Hi,

What is the purpose of the token: authorization or authentication?

If the goal is that the token serves as an authorization ticket,
what about encrypting a time-to-live string?


Best regards,

 
Amit Ghorpade
Bartender
Posts: 2854
If this token is used for authentication, then encoding alone is not sufficient; you will need encryption.
My idea is to have a random string generated using the secure random number generator, then append a separator and then append the current timestamp. Encrypt this string and then encode it to get the token.

The appended timestamp will allow you to validate against any expiry value from milliseconds to years.

Hope this helps
 
Naresh Chaurasia
Ranch Hand
Posts: 361
Amit Ghorpade wrote: If this token is used for authentication, then encoding alone is not sufficient; you will need encryption.
My idea is to have a random string generated using the secure random number generator, then append a separator and then append the current timestamp. Encrypt this string and then encode it to get the token.

The appended timestamp will allow you to validate against any expiry value from milliseconds to years.

Hope this helps


If I follow this approach, I get the following:

encrypt(random string + time stamp) => token.

I have the following constraint while doing this implementation: I cannot store any token-related info in a file or DB. So how do I decrypt the token and verify that it is a correct/valid token?
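
The scheme discussed in this thread (random string, separator, timestamp, then encrypt and encode), written out in Java as an added example that is not code from any of the posters. It assumes AES-GCM as the cipher (the thread only says "encrypt"), the class and method names are hypothetical, and the key generated in `main` stands in for one long-lived key the application holds; validation then needs that key and the clock, with no per-token record.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
public class TimedToken { // hypothetical name, as are issue() and isValid()
    static final SecureRandom RNG = new SecureRandom();
    static final int IV_LEN = 12, TAG_BITS = 128;
    // token = base64url( IV || AES-GCM(random + "|" + issuedAtMillis) )
    static String issue(SecretKey key, long nowMillis) throws GeneralSecurityException {
        byte[] rnd = new byte[16], iv = new byte[IV_LEN];
        RNG.nextBytes(rnd);
        RNG.nextBytes(iv); // fresh IV per token; never reuse one under the same key
        String plain = Base64.getEncoder().encodeToString(rnd) + "|" + nowMillis;
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Only the key is needed: an altered token fails the GCM tag check, an old one the age check.
    static boolean isValid(SecretKey key, String token, long maxAgeMillis, long nowMillis) {
        try {
            byte[] raw = Base64.getUrlDecoder().decode(token);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, raw, 0, IV_LEN));
            String plain = new String(c.doFinal(raw, IV_LEN, raw.length - IV_LEN), StandardCharsets.UTF_8);
            long age = nowMillis - Long.parseLong(plain.substring(plain.indexOf('|') + 1));
            return age >= 0 && age <= maxAgeMillis;
        } catch (GeneralSecurityException | RuntimeException e) {
            return false; // malformed, forged, or encrypted under another key
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey(); // assumption: a real service loads one long-lived key
        long t0 = System.currentTimeMillis(), hour = 3_600_000L;
        String token = issue(key, t0);
        String forged = token.substring(0, 20) + (token.charAt(20) == 'A' ? 'B' : 'A') + token.substring(21);
        System.out.println("fresh:    " + isValid(key, token, hour, t0 + 60_000));
        System.out.println("expired:  " + isValid(key, token, hour, t0 + 2 * hour));
        System.out.println("tampered: " + isValid(key, forged, hour, t0 + 60_000));
    }
}
```

Because nothing is stored per token, a single token cannot be revoked before it expires; changing the key invalidates every outstanding token at once.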
 