Closed xuanyue202 closed 4 years ago
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
This issue has been closed due to continued inactivity. Thank you for your understanding. If you believe this to be in error, please contact one of the code owners, listed in the CODEOWNERS
file at the top-level of this repository.
Description/Steps to reproduce
In Loopback, eternal Access Token's TTL value is -1. It is apparent that when ttl = -1, the following code (and the similar places in the same file) gives invalid maxAge. As a result, the access_token cookie is regarded as expired on client side and never be set. The client see Unauthorized.
https://github.com/strongloop/loopback-component-passport/blob/59cc03aa360f939c3ab51675d2ac8adad117bbb3/lib/passport-configurator.js#L577
Link to reproduction sandbox
Expected result
Always need a positive maxAge number so that the client could be logged in with eternal Access Token.
Negative number.
Additional information