bshaffer / oauth2-server-php-docs

documentation for the oauth2-server-php library

Constantly getting logged out #80

Closed BrandonShega closed 8 years ago

BrandonShega commented 8 years ago

Hi guys,

We’re using the OAuth 2.0 library for our PHP REST application which feeds our iOS app. We are getting pretty frequent logouts and I cannot figure out why. One reason I discovered was that the expiration on refresh tokens is only being set for a week when I set the refresh_token_lifetime to 2419200, which should be 28 days (I actually figured this one out; I was passing the config to the wrong part).

I also have another question. I have “always_issue_new_refresh_token” set so that as long as the user continuously uses the app they will never be logged out, unless they wait for a month. We are getting tons of refresh tokens in the database; should I be revoking the old ones? What could be causing more than one to be generated at a time? Same with access tokens: should old ones ever be deleted, or are those fine to keep in there?

Thanks, Brandon

bshaffer commented 8 years ago

Hey Brandon! For future reference, you should log issues at https://github.com/bshaffer/oauth2-server-php, unless the issue pertains directly to the docs.

To your first issue - where were you passing refresh_token_lifetime to? I think this issue is describing the same problem. Maybe we can make it clearer in the docs.

To your second issue - always_issue_new_refresh_token has actually been renamed to unset_refresh_token_after_use for clarity. Basically, this config just means when a token is refreshed, it removes the old token. The only reason this parameter hasn't been removed yet is for backwards compatibility. So you should set it to false.
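The two configuration points discussed in this thread, as an added example that is not code from the issue, the library docs or the library itself: the refresh token lifetime goes in the OAuth2\Server config (it is consumed by the access token response type, so a refresh_token_lifetime key handed to the grant type has no effect), while the refresh-token rotation behaviour is configured on the RefreshToken grant type. The PDO DSN, credentials, and the choice of ClientCredentials/UserCredentials grant types are assumptions for illustration; the configuration key names are the library's own.

```php
<?php
// Added example, not taken from the issue thread or the library's docs.
// Assumes the library is installed via Composer and the PDO storage
// tables already exist. DSN and credentials are placeholders.
require_once __DIR__ . '/vendor/autoload.php';

// Placeholder connection details (assumption): point at the token database.
$storage = new OAuth2\Storage\Pdo(array(
    'dsn'      => 'mysql:dbname=oauth2;host=localhost',
    'username' => 'oauth_user',
    'password' => 'change-me',
));

// Token lifetimes are read from the Server config. A refresh_token_lifetime
// key passed anywhere else (for example to the grant type below) is not
// used, and the library default lifetime applies instead.
$server = new OAuth2\Server($storage, array(
    'access_lifetime'        => 3600,     // 1 hour
    'refresh_token_lifetime' => 2419200,  // 28 days, as in the thread
));

// Assumed grant types for an app that logs users in with credentials.
$server->addGrantType(new OAuth2\GrantType\ClientCredentials($storage));
$server->addGrantType(new OAuth2\GrantType\UserCredentials($storage));

// Refresh-token rotation is configured on the grant type itself:
//  - always_issue_new_refresh_token: each refresh returns a new refresh
//    token, so an active client keeps extending its session.
//  - unset_refresh_token_after_use: the refresh token that was just used
//    is removed, so each session keeps exactly one live refresh token
//    rather than accumulating rows in the database.
$server->addGrantType(new OAuth2\GrantType\RefreshToken($storage, array(
    'always_issue_new_refresh_token' => true,
    'unset_refresh_token_after_use'  => true,
)));

// Token endpoint: handle grant_type=refresh_token (and the others above).
$request = OAuth2\Request::createFromGlobals();
$server->handleTokenRequest($request)->send();
```

Revoking the used refresh token is also the security-relevant half of rotation: once the legitimate client has refreshed, a copy of the old refresh token that leaked from the device or a log can no longer be exchanged for a new access token. Expired access tokens still remain in the table under this configuration; removing them is a separate housekeeping job, not something the grant type does.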