Add support for setting oauth token TTL

2021-11-17 12:52:15 +01:00 · 2021-11-17 12:52:15 +01:00 · 14450dc45f
commit 14450dc45f
parent 3241ff4ec2
3 changed files with 24 additions and 1 deletions
--- a/auth/oauth2/oauth2.go
+++ b/auth/oauth2/oauth2.go
@ -19,7 +19,14 @@ const (

 func NewManager(opt options.AuthOpt, log *zap.Logger, cs oauth2.ClientStore, ts oauth2.TokenStore) *manage.Manager {
 	manager := manage.NewDefaultManager()
-	manager.SetAuthorizeCodeTokenCfg(manage.DefaultAuthorizeCodeTokenCfg)
+
+	// Here we are cloning the internal package variable as I do not think
+	// it is sane to overwrite it directly.
+	cfg := *manage.DefaultAuthorizeCodeTokenCfg
+	cfg.AccessTokenExp = opt.AccessTokenLifetime
+	cfg.RefreshTokenExp = opt.RefreshTokenLifetime
+
+	manager.SetAuthorizeCodeTokenCfg(&cfg)

 	// token store
 	manager.MapTokenStorage(ts)
--- a/pkg/options/auth.gen.go
+++ b/pkg/options/auth.gen.go
@ -16,6 +16,8 @@ type (
 	AuthOpt struct {
 		LogEnabled               bool          `env:"AUTH_LOG_ENABLED"`
 		Secret                   string        `env:"AUTH_JWT_SECRET"`
+		AccessTokenLifetime      time.Duration `env:"AUTH_OAUTH2_ACCESS_TOKEN_LIFETIME"`
+		RefreshTokenLifetime     time.Duration `env:"AUTH_OAUTH2_REFRESH_TOKEN_LIFETIME"`
 		Expiry                   time.Duration `env:"AUTH_JWT_EXPIRY"`
 		ExternalRedirectURL      string        `env:"AUTH_EXTERNAL_REDIRECT_URL"`
 		ExternalCookieSecret     string        `env:"AUTH_EXTERNAL_COOKIE_SECRET"`
@ -43,6 +45,8 @@ type (
 func Auth() (o *AuthOpt) {
 	o = &AuthOpt{
 		Secret:                   getSecretFromEnv("jwt secret"),
+		AccessTokenLifetime:      time.Hour * 2,
+		RefreshTokenLifetime:     time.Hour * 24 * 3,
 		Expiry:                   time.Hour * 24 * 30,
 		ExternalRedirectURL:      fullURL("/auth/external/{provider}/callback"),
 		ExternalCookieSecret:     getSecretFromEnv("external cookie secret"),
--- a/pkg/options/auth.yaml
+++ b/pkg/options/auth.yaml
@ -22,6 +22,18 @@ props:
      Generated secret will change if you change any of these variables.
      ====

+  - name: accessTokenLifetime
+    type: time.Duration
+    env: AUTH_OAUTH2_ACCESS_TOKEN_LIFETIME
+    default: time.Hour * 2
+    description: Access token lifetime
+
+  - name: refreshTokenLifetime
+    type: time.Duration
+    env: AUTH_OAUTH2_REFRESH_TOKEN_LIFETIME
+    default: time.Hour * 24 * 3
+    description: Refresh token lifetime
+
  - name: expiry
    type: time.Duration
    env: AUTH_JWT_EXPIRY