I have an app where there is a possibility of a user not using the app for more than a month. I don't want them to log in again, as it is some kind of annoying user experience.
I have right now made a small fix in the file simple_oauth/src/Plugin/Oauth2Grant/Password.php:

  /**
   * {@inheritdoc}
   */
  public function getGrantType() {
    $grant = new PasswordGrant($this->userRepository, $this->refreshTokenRepository);
    $grant->setRefreshTokenTTL(new \DateInterval('P3M'));
    return $grant;
  }

It would be great if there were a setting that allows altering RefreshTokenTTL. Please let me know if we can add this feature.
If you wish, I can submit a patch for the same.

Comments

webankit created an issue. See original summary.

seanb’s picture

Status: Active » Needs review
Attached file: status new, size 10.61 KB

Being able to change the TTL for the refresh token would be nice indeed. Can we enable this in the interface?
Patch is attached to do this.

The default TTL is 30 days (2592000 seconds), but this is technically not the same as the P1M date interval. Maybe it's better to create a select list for the expiration values and store the actual date interval format? Doing that now would save us from writing a new update hook later.

I think the list below will add enough options, but leaving this as a custom field providing the expiration in seconds would work for me just as well.

  • 1 minute
  • 5 minutes
  • 15 minutes
  • 30 minutes
  • 1 hour
  • 4 hours
  • 8 hours
  • 1 day
  • 7 days
  • 1 week
  • 2 weeks
  • 1 month
  • 3 months
  • 6 months
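
The difference between a fixed 2592000-second TTL and a calendar interval such as P1M (or the P3M used in the original snippet) can be measured directly. The following is an added example, not part of the thread or of simple_oauth; the function name `ttl_range` and the sample year are assumptions chosen for illustration.

```php
<?php
// Added example, not simple_oauth code: shows how long a refresh token
// really lives when its TTL is a calendar interval (P1M, P3M) compared
// with a fixed-length interval (PT2592000S, P30D).

/**
 * Shortest and longest effective TTL in seconds for $spec, taken over
 * every possible issue day in $year (UTC, so no DST shifts).
 * ttl_range() is a hypothetical helper written for this example.
 */
function ttl_range(string $spec, int $year): array {
  $interval = new DateInterval($spec);
  $day = new DateTimeImmutable("$year-01-01 12:00:00", new DateTimeZone('UTC'));
  $min = PHP_INT_MAX;
  $max = 0;
  while ((int) $day->format('Y') === $year) {
    // Expiry is computed the same way a grant would: issue time + interval.
    $ttl = $day->add($interval)->getTimestamp() - $day->getTimestamp();
    $min = min($min, $ttl);
    $max = max($max, $ttl);
    $day = $day->modify('+1 day');
  }
  return [$min, $max];
}

// Constructed sample year; the interval strings are ISO 8601 durations.
$year = 2023;
foreach (['PT2592000S', 'P30D', 'P1M', 'P3M'] as $spec) {
  [$min, $max] = ttl_range($spec, $year);
  printf(
    "%-11s min %8d s (%5.1f days)  max %8d s (%5.1f days)  %s\n",
    $spec, $min, $min / 86400, $max, $max / 86400,
    $min === $max ? 'fixed' : 'varies with issue date'
  );
}
```

Storing the TTL in seconds keeps the token lifetime identical for every issue date, while a month-based interval makes it depend on the calendar month in which the token was issued.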
e0ipso’s picture

Thanks for the patch. I am merging this, but with a default expiration time of 14 days instead. I'm using Google's research on expiration time for this default.

e0ipso’s picture

Status: Needs review » Fixed

  • e0ipso committed c2b6f04 on 8.x-2.x authored by seanB
    feat(Refresh): Make refresh token TTL configurable (#2858161 by seanB,...

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.