Crypt::OpenToken::Token - OpenToken data object


use Crypt::OpenToken;

$factory = Crypt::OpenToken->new($password);
$token   = $factory->parse($token_string);

if ($token->is_valid(clock_skew => $allowable_skew)) {
   # token is valid, do something with the data

if ($token->requires_renewal(clock_skew => $allowable_skew)) {
   # token should be renewed by authenticating the User again


This module implements the data representation of an OpenToken.



Returns the "subject" field as specified in the token data.

is_valid(clock_skew => $allowable_skew)

Checks to see if the OpenToken is valid, based on the standard fields specified in the IETF draft specification.

Can accept an optional clock_skew parameter, which specifies the amount of allowable clock skew (in seconds). Defaults to "5 seconds".

requires_renewal(clock_skew => $allowable_skew)

Checks to see if the OpenToken is past its "renew-until" timestamp, and requires that it be renewed by re-authenticating the User. Not automatically renewed/reissued, but by re-authenticating the User.

Can accept an optional clock_skew parameter, which specifies the amount of allowable clock skew (in seconds). Defaults to "5 seconds".


Returns a DateTime object representing the "renew-until" field specified in the token data; the date/time at which the token must not automatically be re-issued without further authentication.

If no "renew-until" field was specified, this method returns undef.


Returns a DateTime object representing the "not-before" field specified in the token data; the date/time when the token was created. A token received before this date/time must be rejected as invalid.

If no "not-before" field was specified, this method returns undef.


Returns a DateTime object representing the "not-on-or-after" field specified in the token data; the time/time at which the token will expire. A token received on or after this date/time must be rejected as invalid.

If no "not-on-or-after" field was specified, this method returns undef.


Graham TerMarsch (


Crypt::OpenToken is Copyright (C) 2010, Socialtext, and is released under the Artistic-2.0 license.