Now that we have some real world usage of rpc-auth via conveyor we are seeing a significant amount of RPCError: Unauthorized: Signature expired caused by clients who disagree with our servers on what the current time is.
My proposed solution to this is as follows:
- Extend
rpc-auth's sign and validate methods to accept a Date object that represents current time.
- In the clients, call steemd
get_dynamic_global_properties and use that as a clock source for creating new Date objects passed to sign
We could also use get_dynamic_global_properties as a clock source for the verifying rpc services but might be overkill as we can easily ensure their clocks are in sync with our steemd cluster.
cc @sneak @goldibex
Now that we have some real world usage of rpc-auth via conveyor we are seeing a significant amount of
RPCError: Unauthorized: Signature expiredcaused by clients who disagree with our servers on what the current time is.My proposed solution to this is as follows:
rpc-auth'ssignandvalidatemethods to accept aDateobject that represents current time.get_dynamic_global_propertiesand use that as a clock source for creating newDateobjects passed tosignWe could also use
get_dynamic_global_propertiesas a clock source for the verifying rpc services but might be overkill as we can easily ensure their clocks are in sync with our steemd cluster.cc @sneak @goldibex