mirror of
https://github.com/mastodon/mastodon.git
synced 2024-08-20 21:08:15 -07:00
Enable expiry of OAuth Access Tokens granted to public clients
This commit is contained in:
parent
ff7dd02d04
commit
dbefe1de80
1 changed files with 13 additions and 4 deletions
|
@ -38,10 +38,19 @@ Doorkeeper.configure do
|
||||||
# If you want to disable expiration, set this to nil.
|
# If you want to disable expiration, set this to nil.
|
||||||
access_token_expires_in nil
|
access_token_expires_in nil
|
||||||
|
|
||||||
# Assign a custom TTL for implicit grants.
|
# context.grant_type to compare with Doorkeeper::OAUTH grant type constants
|
||||||
# custom_access_token_expires_in do |oauth_client|
|
# context.client for client (Doorkeeper::Application)
|
||||||
# oauth_client.application.additional_settings.implicit_oauth_expiration
|
# context.scopes for scopes
|
||||||
# end
|
custom_access_token_expires_in do |context|
|
||||||
|
# If the client is confidential (all clients pre 4.3), then we don't want to
|
||||||
|
# expire access tokens. Applications created by users are also considered
|
||||||
|
# confidential.
|
||||||
|
if context.client.confidential?
|
||||||
|
nil
|
||||||
|
else
|
||||||
|
15.minutes.to_i
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
# Use a custom class for generating the access token.
|
# Use a custom class for generating the access token.
|
||||||
# https://github.com/doorkeeper-gem/doorkeeper#custom-access-token-generator
|
# https://github.com/doorkeeper-gem/doorkeeper#custom-access-token-generator
|
||||||
|
|
Loading…
Reference in a new issue