oauth2: Add custom TTL to refresh tokens #2942
Conversation
|
OK, I tuned the tests against |
bob983
force-pushed
the
feat/plugins/oauth2/refresh-token-ttl
branch
3 times, most recently
from
126d113 to
72e62a9
Compare
kong/plugins/oauth2/schema.lua
Outdated
| @@ -31,6 +31,7 @@ return { | |||
| accept_http_if_already_terminated = { required = false, type = "boolean", default = false }, | |||
| anonymous = {type = "string", default = "", func = check_user}, | |||
| global_credentials = {type = "boolean", default = false}, | |||
| refresh_token_ttl = {required = false, type = "number", default = 1209600} -- original hardcoded value - 14 days | |||
There was a problem hiding this comment.
Do not allow nil here, so required = true.
This also means that a migration is needed to insert the default value in all existing entries, see this code for an example.
Because of the migration, we also cannot target the master branch, but must go to the next major release, which is in the next branch.
There was a problem hiding this comment.
OK, gotcha, let me add the required flag, the migration and rebase/switch to next branch.
bob983
force-pushed
the
feat/plugins/oauth2/refresh-token-ttl
branch
from
72e62a9 to
a709b4d
Compare
|
@Tieske I added the migration, rebased against |
| return config | ||
| end | ||
| if config.run_on_preflight == nil then | ||
| config.run_on_preflight = true |
There was a problem hiding this comment.
too much copy-pasta here, run_on_preflight is not being added here but the config option refresh_token_ttl.
There was a problem hiding this comment.
🤕 oh my, Bob! Thanks
bob983
force-pushed
the
feat/plugins/oauth2/refresh-token-ttl
branch
2 times, most recently
from
520e5c0 to
fe143a7
Compare
|
OK, let's pretend the migration code didn't contain |
|
final item seems docs, on https://github.com/Kong/getkong.org |
|
Updated documentation - Kong/docs.konghq.com#535 |
|
This crossed another PR and now needs a rebase |
Refresh token TTL used to be hardcoded to 14 days. This pose a problem with scenarios where the token/refresh_token is only used sporadically. This change adds new config option refresh_token_ttl that specify refresh token's TTL. If the value is nil or 0 it means keep forever. Fix Kong#2024
bob983
force-pushed
the
feat/plugins/oauth2/refresh-token-ttl
branch
from
fe143a7 to
735f72d
Compare
There was a problem hiding this comment.
I think this will do it. There are many aspects to this plugins that warrant a refactor/improvement but they would be outside the scope of this PR, which I think is suffering from it.
Thank for contributing this feature @bob983!
thibaultcha
dismissed
Tieske’s stale review
required changes addressed by contributor
|
Thank you for the contribution @bob983 ! This shall be released in our next major version (0.12). |
See Kong/kong#2942 From #535 Signed-off-by: Thibault Charbonnier <thibaultcha@me.com>
See Kong/kong#2942 From #535 Signed-off-by: Thibault Charbonnier <thibaultcha@me.com>
See Kong/kong#2942 From #535 Signed-off-by: Thibault Charbonnier <thibaultcha@me.com>
See Kong/kong#2942 From #535 Signed-off-by: Thibault Charbonnier <thibaultcha@me.com>
A `refresh_token` TTL used to be hard-coded to 14 days. This pose a problem with scenarios where the token/refresh_token is only used sporadically. This change adds new config option `refresh_token_ttl` that specifies a refresh token's TTL. If the value is `nil` or 0, it means keep forever. Fix #2024 From #2942
A `refresh_token` TTL used to be hard-coded to 14 days. This pose a problem with scenarios where the token/refresh_token is only used sporadically. This change adds new config option `refresh_token_ttl` that specifies a refresh token's TTL. If the value is `nil` or 0, it means keep forever. Fix #2024 From #2942
Summary
Refresh token TTL used to be hardcoded to 14 days. This pose a problem with scenarios where the token/refresh_token is only used sporadically. This PR adds new config option
refresh_token_ttlthat specify refresh token's TTL. If the value isnilor0it means keep forever.refresh_token_ttlto the plugin's schemagenerate_tokenmethod asttloption, replace it withnilif the is either not defined or lower than0.Full changelog
kong/plugins/oauth2/schema.lua
kong/plugins/oauth2/access.lua
Test cases
spec/03-plugins/26-oauth2/01-schema_spec.lua
spec/03-plugins/26-oauth2/03-access_spec.lua
Issues resolved
Fix #2024
Misc
I'm of course open to suggestion on how to make the code better or how to test it better