Closed BrandonShega closed 8 years ago
Hey Brandon! For future reference, you should log issues to https://github.com/bshaffer/oauth2-server-php, unless this is an issue pertaining directly to the docs.
To your first issue - where were you passing refresh_token_lifetime to? I think this issue is describing the same problem. Maybe we can make it clearer in the docs.
To your second issue - always_issue_new_refresh_token has actually been renamed to unset_refresh_token_after_use for clarity. Basically, this config just means when a token is refreshed, it removes the old token. The only reason this parameter hasn't been removed yet is for backwards compatibility. So you should set it to false.
Hi guys,
We’re using the OAuth 2.0 library for our PHP REST Application which feeds our iOS App. We are getting pretty frequent logouts and I cannot figure out why. One reason I discovered was that the expiration on refresh tokens is only being set for a week when I set the refresh_token_lifetime to 2419200 which should be 28 days (I actually figured this one out, was passing the config to the wrong part).
I also have another question: I have “always_issue_new_refresh_token” set so that as long as the user continuously uses the app they will never be logged out, unless they wait for a month. We are getting tons of refresh tokens in the database, should I be revoking the old ones? What could be causing more than 1 from ever being generated at a time? Same with access tokens, should old ones ever be deleted or are those fine to keep in there?
Thanks, Brandon
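The storage behaviour discussed in this thread, as an added example that is not part of the thread and is not oauth2-server-php code: a SQLite model in Python showing how refresh-token rows pile up when a used token is kept, how removing it on use leaves one row per session, and how expired rows can be purged. The table, column and function names are hypothetical; only the 2419200-second lifetime comes from the post.

```python
import secrets
import sqlite3

REFRESH_TOKEN_LIFETIME = 2419200  # 28 days, the value quoted in the post


def open_store():
    """In-memory stand-in for a token table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE refresh_tokens ("
        "token TEXT PRIMARY KEY, client_id TEXT, user_id TEXT, expires INTEGER)"
    )
    return db


def issue(db, client_id, user_id, now):
    """Store and return a new random refresh token valid for the full lifetime."""
    token = secrets.token_hex(20)
    db.execute(
        "INSERT INTO refresh_tokens VALUES (?, ?, ?, ?)",
        (token, client_id, user_id, now + REFRESH_TOKEN_LIFETIME),
    )
    return token


def refresh(db, old_token, now, unset_after_use=True):
    """Exchange old_token for a new one; None if it is unknown or expired."""
    row = db.execute(
        "SELECT client_id, user_id FROM refresh_tokens "
        "WHERE token = ? AND expires > ?",
        (old_token, now),
    ).fetchone()
    if row is None:
        return None
    if unset_after_use:
        # Rotation: the presented token stops working as soon as it is used.
        db.execute("DELETE FROM refresh_tokens WHERE token = ?", (old_token,))
    return issue(db, row[0], row[1], now)


def purge_expired(db, now):
    """Housekeeping: delete rows that can no longer be redeemed; returns count."""
    cur = db.execute("DELETE FROM refresh_tokens WHERE expires <= ?", (now,))
    return cur.rowcount


def count(db):
    return db.execute("SELECT COUNT(*) FROM refresh_tokens").fetchone()[0]
```

In this model, five refreshes with `unset_after_use=False` leave six redeemable rows for one session, while the default leaves one and makes any replayed older token fail.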