Skip to content

Add Customizable Token Expiry Time in Login API #70

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
sourabhlodha merged 2 commits into from
Mar 20, 2025
Merged

Add Customizable Token Expiry Time in Login API #70

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
281770b
token expiry time can be customize
avirajsingh7 Mar 20, 2025
1f8764d
default to one day
avirajsingh7 Mar 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 10 additions & 5 deletions backend/app/api/routes/login.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
from datetime import timedelta
from typing import Annotated, Any
from typing import Annotated, Any, Optional

from fastapi import APIRouter, Depends, HTTPException
from fastapi import APIRouter, Depends, HTTPException, Form
from fastapi.responses import HTMLResponse
from fastapi.security import OAuth2PasswordRequestForm

Expand All @@ -23,10 +23,13 @@

@router.post("/login/access-token")
def login_access_token(
session: SessionDep, form_data: Annotated[OAuth2PasswordRequestForm, Depends()]
session: SessionDep,
form_data: Annotated[OAuth2PasswordRequestForm, Depends()],
token_expiry_minutes: Optional[int] = Form(default=settings.ACCESS_TOKEN_EXPIRE_MINUTES, ge=1, le=60 * 24 * 360),
) -> Token:
"""
OAuth2 compatible token login, get an access token for future requests
OAuth2 compatible token login with customizable expiration time.
Specify an expiration time (in minutes), with a default of 30 days and a max of 360 days.
"""
user = authenticate(
session=session, email=form_data.username, password=form_data.password
Expand All @@ -35,7 +38,9 @@ def login_access_token(
raise HTTPException(status_code=400, detail="Incorrect email or password")
elif not user.is_active:
raise HTTPException(status_code=400, detail="Inactive user")
access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)

access_token_expires = timedelta(minutes=token_expiry_minutes)

return Token(
access_token=security.create_access_token(
user.id, expires_delta=access_token_expires
Expand Down
4 changes: 2 additions & 2 deletions backend/app/core/config.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,8 +33,8 @@ class Settings(BaseSettings):
)
API_V1_STR: str = "/api/v1"
SECRET_KEY: str = secrets.token_urlsafe(32)
# 60 minutes * 24 hours * 8 days = 8 days
ACCESS_TOKEN_EXPIRE_MINUTES: int = 60 * 24 * 8
# 60 minutes * 24 hours * 1 days = 1 days
ACCESS_TOKEN_EXPIRE_MINUTES: int = 60 * 24 * 1
FRONTEND_HOST: str = "http://localhost:5173"
ENVIRONMENT: Literal["local", "staging", "production"] = "local"

Expand Down