diff options
| author | reivilibre <oliverw@matrix.org> | 2021-11-26 14:27:14 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-11-26 14:27:14 +0000 |
| commit | 1d8b80b3346b31a297668e093fb813d9ce7a1b48 (patch) | |
| tree | 651c1adff845a6302f78fe6d02492927cfac418e /synapse/config | |
| parent | Create healthcheck script for synapse-workers container (#11429) (diff) | |
| download | synapse-1d8b80b3346b31a297668e093fb813d9ce7a1b48.tar.xz | |
Support expiry of refresh tokens and expiry of the overall session when refresh tokens are in use. (#11425)
Diffstat (limited to 'synapse/config')
| -rw-r--r-- | synapse/config/registration.py | 24 |
1 files changed, 7 insertions, 17 deletions
diff --git a/synapse/config/registration.py b/synapse/config/registration.py index 61e569d412..5e21548060 100644 --- a/synapse/config/registration.py +++ b/synapse/config/registration.py @@ -113,14 +113,11 @@ class RegistrationConfig(Config): self.session_lifetime = session_lifetime # The `refreshable_access_token_lifetime` applies for tokens that can be renewed - # using a refresh token, as per MSC2918. If it is `None`, the refresh - # token mechanism is disabled. - # - # Since it is incompatible with the `session_lifetime` mechanism, it is set to - # `None` by default if a `session_lifetime` is set. + # using a refresh token, as per MSC2918. + # If it is `None`, the refresh token mechanism is disabled. refreshable_access_token_lifetime = config.get( "refreshable_access_token_lifetime", - "5m" if session_lifetime is None else None, + "5m", ) if refreshable_access_token_lifetime is not None: refreshable_access_token_lifetime = self.parse_duration( @@ -128,17 +125,10 @@ class RegistrationConfig(Config): ) self.refreshable_access_token_lifetime = refreshable_access_token_lifetime - if ( - session_lifetime is not None - and refreshable_access_token_lifetime is not None - ): - raise ConfigError( - "The refresh token mechanism is incompatible with the " - "`session_lifetime` option. Consider disabling the " - "`session_lifetime` option or disabling the refresh token " - "mechanism by removing the `refreshable_access_token_lifetime` " - "option." - ) + refresh_token_lifetime = config.get("refresh_token_lifetime") + if refresh_token_lifetime is not None: + refresh_token_lifetime = self.parse_duration(refresh_token_lifetime) + self.refresh_token_lifetime = refresh_token_lifetime # The fallback template used for authenticating using a registration token self.registration_token_template = self.read_template("registration_token.html") |