MSC2918 Refresh tokens implementation

synapse/config/registration.py

@@ -119,6 +119,11 @@ def read_config(self, config, **kwargs):
             session_lifetime = self.parse_duration(session_lifetime)
         self.session_lifetime = session_lifetime
 
+        # The `access_token_lifetime` applies for tokens that can be renewed
+        # using a refresh token, as per MSC2918. This behaviour can be disabled
+        # by setting it to `None` (`null` in the YAML config). Since it is
+        # incompatible with the `session_lifetime` mechanism, it is set to
+        # `None` by default if a `session_lifetime` is set.
         access_token_lifetime = config.get(
             "access_token_lifetime", "5m" if session_lifetime is None else None
         )

synapse/handlers/auth.py

@@ -1326,7 +1326,7 @@ def generate_access_token(self, for_user: UserID) -> str:
     def generate_refresh_token(self, for_user: UserID) -> str:
         """Generates an opaque string, for use as a refresh token"""
 
-        # we use the following format for access tokens:
+        # we use the following format for refresh tokens:
         #    syr_<base64 local part>_<random string>_<base62 crc check>
 
         b64local = unpaddedbase64.encode_base64(for_user.localpart.encode("utf-8"))

synapse/storage/databases/main/registration.py

@@ -54,6 +54,8 @@ class TokenLookupResult:
         token_owner: The "owner" of the token. This is either the same as the
             user, or a server admin who is logged in as the user.
         token_used: True if this token was used at least once in a request.
+            This field can be out of date since `get_user_by_access_token` is
+            cached.
     """
 
     user_id = attr.ib(type=str)