This repository was archived by the owner on Apr 26, 2024. It is now read-only.
This repository was archived by the owner on Apr 26, 2024. It is now read-only.
Stabilise support for Refresh Tokens and support Refresh Token expiry #11372
Description
This is a list of things that I need to do to rejuvenate refresh tokens.
- add more configuration options and rename the existing
access_token_lifetimeoption as it's a misnomer (1) - make changes to update to the latest version of the MSC
- drop the unstable prefixes
- add developer documentation
- add admin documentation
- make refresh tokens expirable
- support session lifetime properly (? — don't know if strictly required yet)
(1): access_token_lifetime merely refers to refreshable access tokens. New options include:
- lifetime of non-refreshable access tokens
- lifetime of refresh tokens themselves
Also should consider howsession_lifetimewill be made to work as the 'ultimate session lifetime', since currently the two options are not compatible despite being about the same thing...?
Also should document the configuration option since, being experimental, it has not been documented yet.