Altered default token lifetimes and also made them configurable.
This commit is contained in:
parent
093266eb1e
commit
c91fa69362
GPG key ID:
2C9C2C574D47FE3E
4 changed files with 63 additions and 16 deletions
|
|
@ -5,7 +5,8 @@ use Carbon\CarbonImmutable;
|
|||
use Index\Db\DbResult;
|
||||
|
||||
class OAuth2AccessInfo {
|
||||
public const int DEFAULT_LIFETIME = 3600;
|
||||
public const int LIFETIME_PUBLIC = 60 * 60; // 1 hour for public clients
|
||||
public const int LIFETIME_CONFIDENTIAL = 3 * 60 * 60; // 3 hours for confidential clients
|
||||
|
||||
public function __construct(
|
||||
public private(set) string $id,
|
||||
|
|
|
|||
|
|
@ -15,6 +15,34 @@ class OAuth2Context {
|
|||
public private(set) OAuth2DevicesData $devices;
|
||||
public private(set) OAuth2Keys $keys;
|
||||
|
||||
public string $userInfoWebsiteProfileField {
|
||||
get => $this->config->getString('userinfo_website_profile_field');
|
||||
}
|
||||
|
||||
public string $deviceVerificationUri {
|
||||
get => $this->config->getString('device.verification_uri');
|
||||
}
|
||||
|
||||
public string $deviceVerificationCompleteUriFormat {
|
||||
get => $this->config->getString('device.verification_uri_complete');
|
||||
}
|
||||
|
||||
public int $accessTokenLifetimePublic {
|
||||
get => $this->config->getInteger('access_lifetime_public', OAuth2AccessInfo::LIFETIME_PUBLIC);
|
||||
}
|
||||
|
||||
public int $accessTokenLifetimeConfidential {
|
||||
get => $this->config->getInteger('access_lifetime_confidential', OAuth2AccessInfo::LIFETIME_CONFIDENTIAL);
|
||||
}
|
||||
|
||||
public int $refreshTokenLifetimePublic {
|
||||
get => $this->config->getInteger('refresh_lifetime_public', OAuth2RefreshInfo::LIFETIME_PUBLIC);
|
||||
}
|
||||
|
||||
public int $refreshTokenLifetimeConfidential {
|
||||
get => $this->config->getInteger('refresh_lifetime_confidential', OAuth2RefreshInfo::LIFETIME_CONFIDENTIAL);
|
||||
}
|
||||
|
||||
public function __construct(
|
||||
private Config $config,
|
||||
DbConnection $dbConn,
|
||||
|
|
@ -27,8 +55,26 @@ class OAuth2Context {
|
|||
$this->keys = new OAuth2Keys($config->getArray('keys'));
|
||||
}
|
||||
|
||||
public string $userInfoWebsiteProfileField {
|
||||
get => $this->config->getString('userinfo_website_profile_field');
|
||||
public function formatDeviceVerificationCompleteUri(string $code): string {
|
||||
return sprintf($this->deviceVerificationCompleteUriFormat, $code);
|
||||
}
|
||||
|
||||
public function getAccessTokenLifetime(AppInfo $appInfo): int {
|
||||
if($appInfo->accessTokenLifetime !== null)
|
||||
return $appInfo->accessTokenLifetime;
|
||||
|
||||
return $appInfo->confidential
|
||||
? $this->accessTokenLifetimeConfidential
|
||||
: $this->accessTokenLifetimePublic;
|
||||
}
|
||||
|
||||
public function getRefreshTokenLifetime(AppInfo $appInfo): int {
|
||||
if($appInfo->refreshTokenLifetime !== null)
|
||||
return $appInfo->refreshTokenLifetime;
|
||||
|
||||
return $appInfo->confidential
|
||||
? $this->refreshTokenLifetimeConfidential
|
||||
: $this->refreshTokenLifetimePublic;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -63,7 +109,7 @@ class OAuth2Context {
|
|||
$appInfo,
|
||||
userInfo: $userInfo,
|
||||
scope: $scope,
|
||||
lifetime: $appInfo->accessTokenLifetime,
|
||||
lifetime: $this->getAccessTokenLifetime($appInfo),
|
||||
);
|
||||
}
|
||||
|
||||
|
|
@ -76,7 +122,7 @@ class OAuth2Context {
|
|||
$appInfo,
|
||||
userInfo: $accessInfo->userId,
|
||||
scope: $accessInfo->scope,
|
||||
lifetime: $appInfo->refreshTokenLifetime,
|
||||
lifetime: $this->getRefreshTokenLifetime($appInfo),
|
||||
);
|
||||
}
|
||||
|
||||
|
|
@ -181,16 +227,16 @@ class OAuth2Context {
|
|||
$result = [
|
||||
'device_code' => $deviceInfo->code,
|
||||
'user_code' => $userCode,
|
||||
'verification_uri' => $this->config->getString('device.verification_uri'),
|
||||
'verification_uri_complete' => sprintf($this->config->getString('device.verification_uri_complete'), $userCode),
|
||||
'verification_uri' => $this->deviceVerificationUri,
|
||||
'verification_uri_complete' => $this->formatDeviceVerificationCompleteUri($userCode),
|
||||
];
|
||||
|
||||
$expiresIn = $deviceInfo->remainingLifetime;
|
||||
if($expiresIn < OAuth2DeviceInfo::DEFAULT_LIFETIME)
|
||||
if($expiresIn < OAuth2DeviceInfo::LIFETIME)
|
||||
$result['expires_in'] = $expiresIn;
|
||||
|
||||
$interval = $deviceInfo->interval;
|
||||
if($interval > OAuth2DeviceInfo::DEFAULT_POLL_INTERVAL)
|
||||
if($interval > OAuth2DeviceInfo::POLL_INTERVAL)
|
||||
$result['interval'] = $interval;
|
||||
|
||||
return $result;
|
||||
|
|
@ -212,14 +258,11 @@ class OAuth2Context {
|
|||
?string $scope = null
|
||||
): array {
|
||||
$result = [
|
||||
'access_token' => $accessInfo->token,
|
||||
'token_type' => 'Bearer',
|
||||
'access_token' => $accessInfo->token,
|
||||
'expires_in' => $accessInfo->remainingLifetime,
|
||||
];
|
||||
|
||||
$expiresIn = $accessInfo->remainingLifetime;
|
||||
if($expiresIn < OAuth2AccessInfo::DEFAULT_LIFETIME)
|
||||
$result['expires_in'] = $expiresIn;
|
||||
|
||||
if($scope !== null)
|
||||
$result['scope'] = $scope;
|
||||
|
||||
|
|
|
|||
|
|
@ -5,8 +5,8 @@ use Carbon\CarbonImmutable;
|
|||
use Index\Db\DbResult;
|
||||
|
||||
class OAuth2DeviceInfo {
|
||||
public const int DEFAULT_LIFETIME = 600;
|
||||
public const int DEFAULT_POLL_INTERVAL = 5;
|
||||
public const int LIFETIME = 10 * 60;
|
||||
public const int POLL_INTERVAL = 5;
|
||||
|
||||
public function __construct(
|
||||
public private(set) string $id,
|
||||
|
|
|
|||
|
|
@ -5,6 +5,9 @@ use Carbon\CarbonImmutable;
|
|||
use Index\Db\DbResult;
|
||||
|
||||
class OAuth2RefreshInfo {
|
||||
public const int LIFETIME_PUBLIC = 7 * 24 * 60 * 60; // 7 days for public clients
|
||||
public const int LIFETIME_CONFIDENTIAL = 90 * 24 * 60 * 60; // 90 days for confidential clients
|
||||
|
||||
public function __construct(
|
||||
public private(set) string $id,
|
||||
public private(set) ?string $appId,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue