Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Support expiry of refresh tokens and expiry of the overall session when refresh tokens are in use. #11425

Merged
merged 26 commits into from
Nov 26, 2021
Merged

Support expiry of refresh tokens and expiry of the overall session when refresh tokens are in use. #11425

Changes from 1 commit
Commits
Show all changes
26 commits
Select commit Hold shift + click to select a range
a29bf71
Add expiry_ts and ultimate_session_expiry_ts to refresh_tokens table
reivilibre Nov 18, 2021
88e5403
Use expiry_ts and ultimate_session_expiry_ts
reivilibre Nov 18, 2021
d26cf03
Return expiry and ultimate session expiry when looking up refresh tokens
reivilibre Nov 18, 2021
668ff10
Pass in both access and refresh token expiry times to `refresh_token`
reivilibre Nov 18, 2021
ee0310d
Enforce refresh token expiry
reivilibre Nov 18, 2021
21cb0c7
Add refresh_token_lifetime configuration option
reivilibre Nov 18, 2021
7e6d64e
Set up refresh token and ultimate session expiry on initial login
reivilibre Nov 18, 2021
db81406
Bound the lifetime of access and refresh tokens by the ultimate sessi…
reivilibre Nov 19, 2021
df26db6
Set validity correctly on refresh
reivilibre Nov 19, 2021
2ab9500
Some fixes around optional expiry
reivilibre Nov 22, 2021
f6d2e5a
Rename existing test to less confusing name
reivilibre Nov 22, 2021
8c5cb14
Add a test for refresh token expiry
reivilibre Nov 22, 2021
38adfbc
Factorise `use_refresh_token` function
reivilibre Nov 22, 2021
c72a7ed
Remove compatibility error between refresh tokens and session lifetimes
reivilibre Nov 24, 2021
f96c3c0
Add test for ultimate session expiry
reivilibre Nov 25, 2021
5322e1d
Antilint
reivilibre Nov 25, 2021
d83b8fe
Merge branch 'develop' into rei/expirable_refresh_tokens
reivilibre Nov 25, 2021
0d48026
Newsfile
reivilibre Nov 25, 2021
b5bdd97
Fixes falling out of the config option rename in develop
reivilibre Nov 25, 2021
87f5edf
Remove obsolete note and default about compatibility
reivilibre Nov 25, 2021
2e6ed28
Use constants for HTTP statuses in lieu of literals
reivilibre Nov 26, 2021
31d09e4
Document access_token_valid_until_ms
reivilibre Nov 26, 2021
29cee1d
Handle the case (on login) that session lifetime is shorter than toke…
reivilibre Nov 26, 2021
79cec6e
Try to make test_refresh_token_expiry clearer
reivilibre Nov 26, 2021
6b186a9
Check that refreshable access tokens arising from refresh have the co…
reivilibre Nov 26, 2021
430b305
Speak of refreshing the session rather than refreshing the access tok…
reivilibre Nov 26, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 0 additions & 8 deletions synapse/config/registration.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -127,14 +127,6 @@ def read_config(self, config, **kwargs):
access_token_lifetime = self.parse_duration(access_token_lifetime)
self.access_token_lifetime = access_token_lifetime

if session_lifetime is not None and access_token_lifetime is not None:
DMRobertson marked this conversation as resolved.
Show resolved Hide resolved
raise ConfigError(
"The refresh token mechanism is incompatible with the "
"`session_lifetime` option. Consider disabling the "
"`session_lifetime` option or disabling the refresh token "
"mechanism by removing the `access_token_lifetime` option."
)

refresh_token_lifetime = config.get("refresh_token_lifetime")
if refresh_token_lifetime is not None:
refresh_token_lifetime = self.parse_duration(refresh_token_lifetime)
Expand Down