diff options
author | David Robertson <davidr@element.io> | 2023-05-10 19:08:29 +0100 |
---|---|---|
committer | David Robertson <davidr@element.io> | 2023-05-10 19:08:29 +0100 |
commit | c7c5c99f7ed55fadacbdb596ed0efeac04e4552e (patch) | |
tree | baeb9defc046f71863b4f28e828b7cd477f1d37c | |
parent | Fix documented path to largest rooms statistics endpoint. (#15560) (diff) | |
download | synapse-dmr/complement-refreshing-tokens-lifetime.tar.xz |
Complement: refreshing access tokens live for 1s github/dmr/complement-refreshing-tokens-lifetime dmr/complement-refreshing-tokens-lifetime
-rw-r--r-- | docker/complement/conf/workers-shared-extra.yaml.j2 | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/docker/complement/conf/workers-shared-extra.yaml.j2 b/docker/complement/conf/workers-shared-extra.yaml.j2 index 63acf86a46..491a4303b6 100644 --- a/docker/complement/conf/workers-shared-extra.yaml.j2 +++ b/docker/complement/conf/workers-shared-extra.yaml.j2 @@ -17,6 +17,16 @@ url_preview_ip_range_blacklist: [] ## Registration ## +# At present, there is no way to expire a refreshing access token without also logging +# out the device. (The spec mandates that a refresh token is invalidated when a newer +# access token or refresh token is used, but the original access token continues on +# until expiry.) The default lifetime of a refreshing access tokens is 5 minutes; this +# is too long to wait in tests that probe the behaviour of refreshing access tokens. +# +# As a stopgap, make refreshing access tokens last for only a second. Tests can sleep +# for (a little over) 1s to ensure the token really has expired. +refreshable_access_token_lifetime: 1s + # Needed by Complement to register admin users # DO NOT USE in a production configuration! This should be a random secret. registration_shared_secret: complement |