Following #211 and #194, we found out that, by default, OpenAPI sets default values for authorization_code_lifetime_seconds, access_id_token_lifetime_seconds and refresh_token_lifetime_seconds to 0.
This is misleading because, as we've seen, developers can copy/paste the whole example payload and inadvertently set the token lifetime to zero.
We should tweak the Pydantic schema so OpenAPI shows more sensible values.
BTW, maybe we should reconsider the minimum validation for those values, which is currently 0.
Upvote & Fund
We're using Polar.sh so you can upvote and help fund this issue.
We receive the funding once the issue is completed & confirmed by you.
Thank you in advance for helping prioritize & fund our backlog.
Following #211 and #194, we found out that, by default, OpenAPI sets default values for
authorization_code_lifetime_seconds,access_id_token_lifetime_secondsandrefresh_token_lifetime_secondsto0.This is misleading because, as we've seen, developers can copy/paste the whole example payload and inadvertently set the token lifetime to zero.
We should tweak the Pydantic schema so OpenAPI shows more sensible values.
BTW, maybe we should reconsider the minimum validation for those values, which is currently
0.Upvote & Fund