feat: OAuth session expiry #222
Conversation
lib/_core_test.ts
Outdated
| Deno.test("setTokens() applies key expiry", async () => { | ||
| const sessionId = crypto.randomUUID(); | ||
| const oauthSession = randomOAuthSession(); | ||
| await setOAuthSession(sessionId, oauthSession, { expireIn: 1_000 }); | ||
|
|
||
| assertEquals(await getOAuthSession(sessionId), oauthSession); | ||
| await delay(10_000); | ||
| assertEquals(await getOAuthSession(sessionId), null); | ||
| }); | ||
|
|
There was a problem hiding this comment.
Could it have to do with this?
There was a problem hiding this comment.
In the deno runtime tests, they manually stop/start the DB to trigger immediate cleanup of expired keys. Not sure if that's really viable to do here or not
There was a problem hiding this comment.
Good catch, @mitchwadair! Yes, database stop/start is not ideal in our case. We run our tests in-memory to avoid the need for cleanup. Though, I guess it wouldn't be too hard to move away from that... @losfair, is in-memory expiration supported?
There was a problem hiding this comment.
@iuioiua Yes, expiration is handled in the same way for in-memory and persistent databases - but since the cleanup interval is long (~1 minute) it isn't practical to depend on periodic cleanup in a test.
Currently I think the best approach is to open a persistent database and re-open it to trigger an immediate cleanup...
There was a problem hiding this comment.
I've opted not to test OAuth session expiration as it'd interfere too much with the current KV setup of this module. I've added a small note detailing the reasoning.
This change adds OAuth session expirations to Deno KV. This will automatically keep the
oauth-sessionKV space clean by expiring entries after 10 minutes, on par with cookie expiration.Supercedes #170
Closes #148