Commit 81d9122f authored by okhin's avatar okhin 🚴

Adding not before and expires on the JWT token, to limit hijacking of the token

parent e6ee6e95
Pipeline #920 passed with stage
in 1 second
......@@ -70,7 +70,7 @@ class Main extends Controller {
elseif ($f3->get('VERB') == 'POST'){
// Create the call
// Generate a jwt token
$token = JWT::encode(array('api' => JWT_TOKEN), JWT_KEY);
$token = JWT::encode(array('api' => JWT_TOKEN, 'nbf' => time(), 'exp' => time() + 10 * 60), JWT_KEY);
// To get the callee, we have the callee_id in the form. Using that
// to load the callee and retrieve its number.
$contact = Api::get_contact($args['id']);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment