I have a App where there is possibility of user not using an App for more than a month. I don't want them to login again as it some kind of annoying user experience.
I have right now made a small fix in the file simple_oauth/src/Plugin/Oauth2Grant/Password.php :
/**
* {@inheritdoc}
*/
public function getGrantType() {
$grant = new PasswordGrant($this->userRepository, $this->refreshTokenRepository);
$grant->setRefreshTokenTTL(new \DateInterval('P3M'));
return $grant;
}
It will be great if there is a setting that can allow to alter RefreshTokenTTL. Please let me know if we can add this feature.
If you wish I can summit a patch for the same.
| Comment | File | Size | Author |
|---|---|---|---|
| #3 | simple_oauth-refresh_token_ttl_setting-2858161-3.patch | 10.61 KB | seanb |
Comments
Comment #2
webankit commentedComment #3
seanbBeing able to change the TTL for the refresh token would be nice indeed. Can we enable this in the interface?
Patch is attached to do this.
The default TTL is 30 days (2592000 seconds), but this is technically not the same a the P1M date interval. Maybe it's better to create a select list for the expiration values and store the actual date interval format? Doing that now would save us from writing a new update hook later.
I think the list below will add enough options, but leaving this a a custom field providing the expiration in seconds would work for me just as well.
Comment #4
e0ipsoThanks for the patch. I am merging this, but with a default expiration time of 14 days instead. I'm using Google's research on expiration time for this default.
Comment #5
e0ipso