-
-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is it possible to postpone the access_token expiration with every call? #335
Comments
The issue appears to me that that token is a jwt that is hardcoded to expire in 900 seconds (15 minutes) It's pretty annoying with SSO and really annoying if you do local logins or are streaming anything for any duration. I'm actually not clear why you can even set a cookie lifetime if this limitation is still in place. I may try to patch something myself for my own use, something like issue a new JWT if the current one expired within the last 5 or 10 minutes and is otherwise valid , but I would really love to see something similar as an official change. |
You have two different lifetimes: one of the token and one of the cookie holding that token. Set them both to higher number of seconds to extend the lifetime. I would keep the cookie lifetime a bit longer. |
crypto default token lifetime 7200 this would be 2 hours expiration |
I am not trying to enlarge the lifetime, but to reset it with every interaction. If the user keeps on working with the page the lifetime is potentially eternal, but as soon as he stops, after for example 10 minutes the token expires. |
@carlo161 , are you asking for the ability to refresh the token just before it expires? |
As long as the user is active? |
Ah, I was mistaken. Either way, my overarching confusion was "Why have a longer cookie lifetime if the JWT expiring kills the session?" Anyway, back to this issue - yes, @greenpau , I think the ask is to make the token auto-refresh / have the expiration extend to now+increment on every request |
Yes, right. I would like to refresh the token with every call, as long as the user is active. |
Following this for further information. Since i would like to refresh the token on every call too. |
Any update on this? This plugin already support token refresh? |
When I successfully login and gets forwarded to my webpage I obtain the following:
I would like to implement some sort of a timeout: if you do not interact with the page in 10 minutes, at the next call you will have to login again.
Right now I am using:
But after 20 minutes I have to login again.
With every call the expiration of the session cookie gets extended but the access_token one no.
Is it possible to do that?
The text was updated successfully, but these errors were encountered: