From dbefe1de800449b4294e0844c7416e0cb7400c7e Mon Sep 17 00:00:00 2001
From: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
Date: Thu, 16 May 2024 17:16:02 +0200
Subject: [PATCH] Enable expiry of OAuth Access Tokens granted to public
 clients

---
 config/initializers/doorkeeper.rb | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index 8be6c52e9a0..a8c8a4ae251 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -38,10 +38,19 @@ Doorkeeper.configure do
   # If you want to disable expiration, set this to nil.
   access_token_expires_in nil
 
-  # Assign a custom TTL for implicit grants.
-  # custom_access_token_expires_in do |oauth_client|
-  #   oauth_client.application.additional_settings.implicit_oauth_expiration
-  # end
+  # context.grant_type to compare with Doorkeeper::OAUTH grant type constants
+  # context.client for client (Doorkeeper::Application)
+  # context.scopes for scopes
+  custom_access_token_expires_in do |context|
+    # If the client is confidential (all clients pre 4.3), then we don't want to
+    # expire access tokens. Applications created by users are also considered
+    # confidential.
+    if context.client.confidential?
+      nil
+    else
+      15.minutes.to_i
+    end
+  end
 
   # Use a custom class for generating the access token.
   # https://github.com/doorkeeper-gem/doorkeeper#custom-access-token-generator