aarona / devise_jwt_auth

A JWT-based port of Devise Token Auth
Do What The F*ck You Want To Public License

Customize Expiration? #13

Open eprislac opened 2 years ago

eprislac commented 2 years ago

Not really an issue, just a question... is it possible to set a custom expiration on the token, or set it to nil?

aarona commented 2 years ago

Great question.

Yes. After you install the initializer by running:

rails generate devise_jwt_auth:install User auth

You can modify the default settings in the file:

config/initializers/devise_jwt_auth.rb

You have two settings that you can modify: config.refresh_token_lifespan and config.access_token_lifespan. The refresh token is meant to be a long-lasting token (maybe 1 to 2 weeks? Maybe more depending on what your needs are). The access token should be much shorter. Only a few minutes long.

Setting either token's lifespan to nil will actually cause an error, but even if it made your tokens never expire, this would give someone an authentication token that would never expire, and that's probably not ideal. I should probably just set the tokens to expire immediately if someone did this. Something to work on in the future.

Sorry for this confusion with the configuration settings. I need to add this final installation step in the README file. There is a USAGE documentation file but I need to have it print out properly.

I'm going to be making some changes to the library soon so it's compatible with Rails 7. A lot of auth libraries that depend on Devise were waiting for Rails 7 support but it's available now.
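
Added example, not part of the thread and not devise_jwt_auth's own code: a stdlib-only Ruby sketch of how a short access-token lifespan and a long refresh-token lifespan become the `exp` claim of an HS256 JWT, with a nil lifespan refused so no token is ever issued without an expiry. The helper names, the secret, and the lifespans expressed as plain seconds are assumptions made for illustration.

```ruby
require "openssl"
require "json"

# Constructed values for illustration; not the gem's defaults.
SECRET = "constructed-demo-secret"
ACCESS_TOKEN_LIFESPAN  = 15 * 60            # seconds: short-lived access token
REFRESH_TOKEN_LIFESPAN = 14 * 24 * 60 * 60  # seconds: long-lived refresh token

# base64url without padding, as used by JWT segments.
def b64(data)
  [data].pack("m0").tr("+/", "-_").delete("=")
end

def unb64(str)
  str.tr("-_", "+/").unpack1("m")
end

def sign(input)
  b64(OpenSSL::HMAC.digest("SHA256", SECRET, input))
end

# Mint an HS256 JWT whose exp claim is the issue time plus the lifespan.
# A nil or non-positive lifespan is rejected instead of yielding a token that never expires.
def issue_token(subject, lifespan, now: Time.now.to_i)
  unless lifespan.is_a?(Numeric) && lifespan.positive?
    raise ArgumentError, "token lifespan must be a positive number of seconds"
  end
  header  = b64(JSON.generate("alg" => "HS256", "typ" => "JWT"))
  payload = b64(JSON.generate("sub" => subject, "iat" => now, "exp" => now + lifespan.to_i))
  "#{header}.#{payload}.#{sign("#{header}.#{payload}")}"
end

# Return the claims when the signature matches and exp is still in the future, else nil.
def verify_token(token, now: Time.now.to_i)
  header, payload, signature = token.to_s.split(".")
  return nil unless header && payload && signature
  # Constant-time comparison (OpenSSL.secure_compare needs Ruby 2.7 or newer).
  return nil unless OpenSSL.secure_compare(sign("#{header}.#{payload}"), signature)
  claims = JSON.parse(unb64(payload))
  return nil unless claims["exp"].is_a?(Integer) && claims["exp"] > now
  claims
rescue JSON::ParserError
  nil
end
```

Passing `now:` explicitly lets the expiry boundary be checked without waiting for real time to pass.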