How do I disable token lifetime in WSSE Authentication?

[pedrofurtado]

How do I disable token lifetime (i.e., to make tokens not expirable) in WSSE Authentication?

[vsoroka]

It is not possible to disable the token lifetime, but you can set a very big value for it, e.g. 30 days.
To do it you can use /app/config/security.yml.
Here is an example:

security:
    firewalls:
        wsse_secured:
            wsse:
                lifetime: 2592000 # 30 days
        api_wsse_secured:
            wsse:
                lifetime: 2592000 # 30 days

[pedrofurtado]

@vsoroka Thanks, man! I'll configure my security.yml just like your answer.

[pedrofurtado]

I've made a pull request on EscapeWSSEAuthenticationBundle (https://github.com/djoos/EscapeWSSEAuthenticationBundle), to enable this feature.

djoos/EscapeWSSEAuthenticationBundle#90

Edit: This feature is available only in version 2.3.0 and higher, but OroPlatform uses version 1.0.2.

[vsoroka]

I've created an internal task BAP-13002 where we will upgrade the platform to the latest version of EscapeWSSEAuthenticationBundle

[pedrofurtado]

@vsoroka Thanks for feedback! My pull request was merged in EscapeWSSEAuthenticationBundle.

Do you have a estimative about when it will be released this version with the latest version of EscapeWSSEAuthenticationBundle?

Thanks!

[vsoroka]

Sorry, but as far as I know, for now we do not have any plans about this task.
If it is important for you, welcome to create a pull request.
Thanks!

[pedrofurtado]

@vsoroka There is a temporary solution (until OroPlatform upgrades the version of the EscapeWSSEAuthenticationBundle dependency), here is the link: https://oroinc.com/orocrm/forums/topic/how-do-i-disable-token-lifetime-in-wsse-authentication