Custom ACCESS_TOKEN_EXPIRE_SECONDS by application

[tximpa91]

Hi,

I think that my question is pretty straight forward. I want to change the access_token_expire_secondsby application_id something custom like scopes classes.

Kind Regards.

[jleclanche]

django-oauth-toolkit/oauth2_provider/oauth2_validators.py

Line 456 in ee8cb08

expires = timezone.now() + timedelta(seconds=oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS)

I don't think it's possible right now.

[jywsn]

I think you could write a custom validator, subclassing oauth2_provider.oauth2_validators.OAuth2Validator and overriding the save_bearer_token() method. Within this method, you know the request.client.

[dopry]

overriding the validator should work. I would be open to a PR that introduces token settings at the application level it should defer the expires value to the Application model like validate_redirect_uri with something like

expires = request.client.get_access_token_lifetime()

and the application model should be update with an access token lifetime. It would be good to do bearer tokens as well.