Personal Access Token expiration can't be set and it fails to check the Y2K38 bug. #162

Closed
fgoni opened this issue Oct 30, 2016 · 13 comments

@fgoni fgoni commented Oct 30, 2016

Using the Passport facade to set the Expiration time for Authorization Code and Password Grant you can avoid the dreaded Y2K38 bug but Personal Access Tokens are hardcoded to last another hundred years from now, which puts it well beyond 2038.

This is a problem because on most Windows environments the tokens will never match and never authenticate the user.

The only way to bypass this is to modify the vendor files and do it every time Passport is upgraded.


@nugrahawahyu nugrahawahyu commented Oct 30, 2016

Yeah, I always get a negative value of expires_in (-1477799197) and the only way to fix it is to modify the vendor files.


@zsimple zsimple commented Oct 31, 2016

Yes, I just wasted one day finding this problem. It only happened on 32-bit PHP.

For now, maybe we need to modify passport/src/Passport.php at line 190: new DateInterval('P100Y') --> new DateInterval('P1Y');.

100 Years is really too long :-D
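
Added example, not part of the thread or of Passport's code: a stand-alone PHP check of the lifetimes discussed above (P100Y, P1Y) against the signed 32-bit timestamp limit, plus a decode of the reported expires_in value. The function names and the sample issue time are assumptions made for illustration.

```php
<?php
// Added illustration; function names are hypothetical, not Passport APIs.

/**
 * True when "issuedAt + lifetime" still fits a signed 32-bit Unix timestamp.
 * Compares DateTime objects instead of calling getTimestamp(), so the check
 * itself does not depend on the integer width of the PHP build.
 */
function expiryFitsInt32(DateTimeImmutable $issuedAt, DateInterval $lifetime): bool
{
    // 2^31 - 1 seconds after the epoch: the last second a 32-bit time_t can hold.
    $limit = new DateTimeImmutable('2038-01-19 03:14:07', new DateTimeZone('UTC'));

    return $issuedAt->add($lifetime) <= $limit;
}

/**
 * Fail closed: refuse a lifetime whose expiry cannot be represented.
 */
function safeLifetime(DateTimeImmutable $issuedAt, string $spec): DateInterval
{
    $lifetime = new DateInterval($spec);
    if (!expiryFitsInt32($issuedAt, $lifetime)) {
        throw new RangeException("Lifetime $spec expires after 2038-01-19 03:14:07 UTC");
    }

    return $lifetime;
}

// Constructed sample input: an issue time on the day of the first report.
$issuedAt = new DateTimeImmutable('2016-10-30 03:46:37', new DateTimeZone('UTC'));

foreach (['P100Y', 'P1Y', 'PT1H'] as $spec) {
    $expiry = $issuedAt->add(new DateInterval($spec))->format('Y-m-d');
    $fits = expiryFitsInt32($issuedAt, new DateInterval($spec)) ? 'yes' : 'no';
    printf("%-6s expires %s  fits int32: %s\n", $spec, $expiry, $fits);
}

// The expires_in value reported in the thread, negated and read as a Unix time.
// It lands on the day of the report, which is what "expiry - now" gives when
// the expiry timestamp evaluates to 0 (an inference, not stated in the thread).
$reported = -1477799197;
echo gmdate('Y-m-d H:i:s', -$reported), " UTC\n"; // 2016-10-30 03:46:37 UTC
```

A check like this can run wherever the application sets token lifetimes, so an unrepresentable expiry is rejected at startup instead of surfacing later as tokens that never authenticate.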


@funkeye funkeye commented Nov 7, 2016

> Yeah I always get negative value of expires_in ( -1477799197 ) and the only way to fix it is to modify the Vendor files.

@nugrahawahyu you can simply change the token-lifetime - it solved my problems


    /**
     * Register any authentication / authorization services.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();

        Passport::routes();
        Passport::tokensExpireIn(Carbon::now()->addDays(30));
    }

@fgoni fgoni commented Nov 7, 2016

TokensExpireIn 'only' works for Authorization Code and Password Grant tokens, not for personal access tokens.


@themsaid themsaid commented Nov 14, 2016

A PR was submitted to solve the issue: #185

@themsaid themsaid closed this Nov 14, 2016

@dgutman10 dgutman10 commented Jul 31, 2017

To change the expiration date of a PersonalAccessToken, you could create a ServiceProvider that extends the Passport Service Provider. For example, to add 1 hour, edit the method registerAuthorizationServer() and change this

    $server->enableGrantType(
        new PersonalAccessGrant, new DateInterval('P1Y')
    );

for this

    $server->enableGrantType(
        new PersonalAccessGrant, new DateInterval('PT1H')
    );

    <?php

    namespace App\Providers;

    use DateInterval;
    use Laravel\Passport\Bridge\PersonalAccessGrant;
    use Laravel\Passport\Passport;
    use Laravel\Passport\PassportServiceProvider;
    use League\OAuth2\Server\AuthorizationServer;
    use League\OAuth2\Server\Grant\ClientCredentialsGrant;

    class YourPassportServiceProvider extends PassportServiceProvider
    {
        /**
         * Bootstrap the application services.
         *
         * @return void
         */
        public function boot()
        {
            parent::boot();
        }

        /**
         * Register the application services.
         *
         * @return void
         */
        public function register()
        {
            parent::register();
        }

        /**
         * Register the authorization server.
         *
         * @return void
         */
        protected function registerAuthorizationServer()
        {
            $this->app->singleton(AuthorizationServer::class, function () {
                return tap($this->makeAuthorizationServer(), function ($server) {
                    $server->enableGrantType(
                        $this->makeAuthCodeGrant(), Passport::tokensExpireIn()
                    );

                    $server->enableGrantType(
                        $this->makeRefreshTokenGrant(), Passport::tokensExpireIn()
                    );

                    $server->enableGrantType(
                        $this->makePasswordGrant(), Passport::tokensExpireIn()
                    );

                    $server->enableGrantType(
                        new PersonalAccessGrant, new DateInterval('PT1H')
                    );

                    $server->enableGrantType(
                        new ClientCredentialsGrant, Passport::tokensExpireIn()
                    );

                    if (Passport::$implicitGrantEnabled) {
                        $server->enableGrantType(
                            $this->makeImplicitGrant(), Passport::tokensExpireIn()
                        );
                    }
                });
            });
        }
    }


@diazemiliano diazemiliano commented Dec 12, 2017

Hi guys, I've set the expires_at date in the database to one year before now. But it seems Passport isn't checking expiration dates on personal access tokens. Is that the default behavior? Thanks.


@hlorofos hlorofos commented Dec 31, 2017

@diazemiliano in my case it isn't validated at all, no matter which type of client I use.


@chrisgillis chrisgillis commented Jan 22, 2018

My password granted tokens seem to be expiring much more quickly than Carbon::now()->addDays(1)... they seem to last about 2 hours max


@dgutman10 dgutman10 commented Mar 14, 2018

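    // Resolve the shared AuthorizationServer and re-register the personal
    // access grant with a 1-minute lifetime before issuing the token.
    $authorizationServer = app()->make(\League\OAuth2\Server\AuthorizationServer::class);
    $authorizationServer->enableGrantType(
        new PersonalAccessGrant, new DateInterval('PT1M')
    );

    return JsonResponse::create(
        $user->createToken(
            $user->getAttribute('name') . " " . Carbon::now(),
            $scopes = [] // createToken() type-hints its scopes argument as an array
        ),
        JsonResponse::HTTP_OK
    );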

@DevTTL DevTTL commented May 2, 2018

Many thanks, @DiegoGutman's solution solved my problem perfectly. I salute you.


@NicksonYap NicksonYap commented Aug 14, 2018

Thanks @dgutman10 !
This works :)


@vivektakrani vivektakrani commented Jan 15, 2019

One can simply update the expiry time for the Personal token using the personalAccessTokensExpireIn method in AuthServiceProvider's boot method.
Check https://stackoverflow.com/a/54196090/3535399
