bitwarden / passwordless-server

Bitwarden Passwordless.dev infrastructure/backend (API, database, Docker, etc).
https://bitwarden.com/

Request: add time-to-live option for `/signin/generate-token` #731

Closed hingobway closed 1 week ago

hingobway commented 2 weeks ago

Hi,

I was implementing an alternative email provider for magic link sign-ins and got it working using the /signin/generate-token endpoint.

However, as far as I can tell this endpoint has no configurable time-to-live, and only outputs tokens with a TTL of 2 minutes, which is far too short for email links. It would be great to make that option configurable!

abergs commented 1 week ago

Hey @hingobway, we're taking a look at this.

jonashendrickx commented 1 week ago

@abergs & @hingobway The schema does mention timeToLive in the request body:

https://v4.passwordless.dev/swagger/index.html

It is marked as obsolete, but this is probably wrong, and I can see it being used in the back-end to return the authentication token. It was likely marked as obsolete because we wanted to prevent using it elsewhere in our own codebase.

hingobway commented 1 week ago

@jonashendrickx that's interesting, thanks. I actually didn't realize that that "Schema" switch in the docs was a button at all.

Are you able to get that timeToLive parameter to work? I just tried including one, and it didn't seem to have any effect.

jonashendrickx commented 1 week ago

@hingobway Does the following request work for you? You might have to change the ApiSecret to whatever your keys are:

```http
POST https://v4.passwordless.dev/signin/generate-token
Content-Type: application/json
ApiSecret: your-api-secret-here

{
  "userId": 1,
  "timeToLive": 30
}
```

I just double-checked locally that everything was working properly. The `timeToLive` parameter takes an integer in seconds and will default to a value of 120 seconds if the field is not present.

If it is still not working, we can always verify in a call.

hingobway commented 1 week ago

Ok, it worked perfectly this time, not sure what I did last time. Sorry for the confusion, and thanks for your help!

jonashendrickx commented 1 week ago

@hingobway You're welcome!

In the next release, the property will show up properly in the OpenAPI documentation.

If you encounter any other issues, don't hesitate to reach out again!

Tyrrrz commented 1 week ago

Docs fix: https://github.com/bitwarden/passwordless-docs/pull/147