[FEATURE] Customizable max_age in tokens used by Remember

riverrun / phauxth

Not actively maintained - Authentication library for Phoenix, and other Plug-based, web applications

409 stars 21 forks source link

[FEATURE] Customizable max_age in tokens used by Remember #101

Closed KalvinHom closed 5 years ago

KalvinHom commented 5 years ago

Problem

Phauxth.AuthenticateToken, Phauxth.Confirm and Phauxth.Remember are all expecting the same token_module set in the configuration. However, it would be useful to allow each to have a different max_age set. I would want the Remember token to be valid for much longer than I want the other two.

Remember.add_rem_cookie allows you to set the max_age, but Token.verify still uses its own @max_age

Solution

Allow Remember, AuthenticateToken, and Confirm to set their own max_age for the tokens.

riverrun commented 5 years ago

Thanks for opening the issue. I will get back to you later today or tomorrow.

riverrun commented 5 years ago

At the moment, Remember and Confirm both override the default max_age set in the Token module. Only AuthenticateToken uses the default value.

How are you defining Token.verify?

riverrun commented 5 years ago

I see the issue now. I need to add a max_age option to the Remember plug. I will have a fix ready in a day or two.

riverrun commented 5 years ago

I have added a max_age option to the Remember plug, so it should work as expected now. There is still some work to do on the documentation, so I will keep this issue open for the moment.

KalvinHom commented 5 years ago

Ah, sorry missed your question, but thanks for the fix!