fix(api,admin-ui,user-ui): add client token ttl controls and remove deprecated auth settings by markwylde · Pull Request #109 · puzed/darkauth

markwylde · 2026-03-01T11:16:45Z

Summary

preserve auth preview behavior by appending da_preview=1 in admin branding preview URLs and bypassing client existence checks in user login preview mode
add per-client access token TTL support across API schema, admin client create/edit flows, and token issuance paths
add migration 0014_client_access_token_ttl to persist client-level access token lifetimes
remove deprecated auth setting surfaces (code, pkce, id_token, access_token) from settings update/list/seed/runtime config paths

preview URLs should render reliably without being blocked by runtime client checks
token lifetimes now need to be controlled per client instead of deprecated global auth settings
removing deprecated keys simplifies runtime config and admin settings behavior

markwylde added 6 commits March 1, 2026 10:41

fix(api,admin-ui,user-ui): remove dead refresh and legacy auth fields

918c6d3

fix(brochureware): align refresh docs with token refresh grant

f319667

fix(api): remove deprecated admin refresh ttl setting

5c97b98

fix(admin-ui,user-ui): preserve auth preview mode in login flow

b10fb05

feat(api,admin-ui): add per-client access token ttl

6caf9a9

fix(api): remove deprecated auth settings keys

164f07c

markwylde merged commit 6272727 into main Mar 1, 2026
17 checks passed

markwylde deleted the fix/client-token-ttl-and-settings-cleanup branch March 1, 2026 11:28