search

nejdetkadir / devise-api

The devise-api gem is a convenient way to add authentication to your Ruby on Rails application using the devise gem. It provides support for access tokens and refresh tokens, which allow you to authenticate API requests and keep the user's session active for a longer period of time on the client side
MIT License
152 stars 22 forks source link

Access_Token & Refresh_Token expire at the same time #26

Closed TruAmbition closed 1 year ago

TruAmbition commented 1 year ago

Hello, I've been trying to figure this out for the past couple of days. Before making any changes to my config/initializers/devise.rb file, It appears that the access_token defaults to an expiration value of 3600 (1 hour). To my understanding, the refresh_token expiration should be longer than the access_token in order for us to get a new access_token once it expires by way of the refresh token.

Today, I reviewed the Repo documentation and was happy to see I could in fact override these values. For a test, I changed applied the following config.

  config.api.configure do |api|
    # Access Token
    api.access_token.expires_in = 1.minute
    # Refresh Token
    api.refresh_token.enabled = true
    api.refresh_token.expires_in = 15.minutes

  end

I was hoping this would increase my test iteration time, allowing me to validate my new access_token logic. However, when testing this post login just after 1 mins, the response yield token expired. I am passing the refresh token to get a new access token and it should live longer than 1 min. I'm curious if anyone else has faced a similar issue, and if the source code itself may need updating to be able to appropriately extend these values independently.

please advise...

-Truman

rohitpaliwalstartbit commented 1 year ago

Hello, I am getting the same issue did you find any solution?

nejdetkadir commented 1 year ago

This is fixed with v0.1.3

TruAmbition commented 1 year ago

This is fixed with v0.1.3

Thank you @nejdetkadir !!! 🚀