Lemmy App Development

762 readers

2 users here now

A place for Lemmy builders to chat about building apps, clients, tools and bots for the Lemmy platform.

On-Topic:

programming questions related to the Lemmy platform
sharing your ideas, WIP, or released Lemmy-related work

Off-Topic:

general programming questions unrelated to Lemmy
feature requests for developers
sharing or promoting work not related to Lemmy

founded 2 years ago

MODERATORS

[email protected]

Bot authentication and JWT validation question (programming.dev)

submitted 2 years ago* (last edited 2 years ago) by [email protected] to c/[email protected]

0 comments fedilink hide all child comments

I'm working on a test bot to understand the API and I have a question about authentication and JWT validation.

As far as I can see, the way to authenticate is to call the /user/login endpoint with valid credentials which will return a JWT. All is good except the JWT payload. I see that it contains iat but nothing about expiry (exp).

Now, I wanted to use the JWT for multiple requests, but that's difficult if I cannot figure out when the token expires. What is the best way to be sure about the validity of a JWT before using it. Should I get a new JWT before every operation, is that the intended behavior? Or maybe I misunderstand the way authentication works with Lemmy?

Edit: I asked this on Lemmy Development channel a few days ago and apparently someone has created an issue in Github. So, perhaps this will be addressed in a later update.

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here