From dbefe1de800449b4294e0844c7416e0cb7400c7e Mon Sep 17 00:00:00 2001
From: Emelia Smith
Date: Thu, 16 May 2024 17:16:02 +0200
Subject: [PATCH] Enable expiry of OAuth Access Tokens granted to public clients
---
 config/initializers/doorkeeper.rb | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index 8be6c52e9a..a8c8a4ae25 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -38,10 +38,19 @@ Doorkeeper.configure do
 # If you want to disable expiration, set this to nil.
 access_token_expires_in nil
- # Assign a custom TTL for implicit grants.
- # custom_access_token_expires_in do |oauth_client|
- # oauth_client.application.additional_settings.implicit_oauth_expiration
- # end
+ # context.grant_type to compare with Doorkeeper::OAUTH grant type constants
+ # context.client for client (Doorkeeper::Application)
+ # context.scopes for scopes
+ custom_access_token_expires_in do |context|
+ # If the client is confidential (all clients pre 4.3), then we don't want to
+ # expire access tokens. Applications created by users are also considered
+ # confidential.
+ if context.client.confidential?
+ nil
+ else
+ 15.minutes.to_i
+ end
+ end
 # Use a custom class for generating the access token.
 # https://github.com/doorkeeper-gem/doorkeeper#custom-access-token-generator
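Review bot: The `nil` returned for confidential clients in the `custom_access_token_expires_in` block does not by itself mean "never expires"; as far as I know Doorkeeper falls back to `access_token_expires_in` when the block returns nil, so the result depends on the `access_token_expires_in nil` line kept as context just above. I would state that in the comment inside the block, e.g. `# nil falls back to access_token_expires_in (nil above), i.e. no expiry`, so that a later change to the global default is made knowingly. Separately, the 15-minute TTL should apply only to tokens issued after this change, since the lifetime is stored on each token when it is created; tokens already granted to public clients would presumably stay non-expiring unless they are revoked or migrated. The hunk does not show whether refresh tokens are enabled, so it is worth confirming how a public client is expected to obtain a new token once the 15 minutes are up.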