waiting-for-dev / warden-jwt_auth

JWT token authentication with warden
MIT License

Feature Request: Dynamic expiration_time based on request params #54

Closed hmnhf closed 3 months ago

hmnhf commented 11 months ago

Hello, and thank you for the effort you've put into this useful gem!

In our case, we need to have a different expiration_time set for the generated token based on a request parameter.

Looking through the code, it seems possible to change expiration_time setting to also support a callable object (e.g. a proc) with the request params passed to it similar to the following:

Warden::JWTAuth.configure do |config|
  config.expiration_time = proc { |request_params| request_params['remember_me'] ? 24.hours.to_i : 1.hour.to_i }
  ...
end

Would you be interested in accepting a PR for this feature?

EDIT 1: Just saw https://github.com/waiting-for-dev/devise-jwt/issues/264. This feature could help with that issue as well.

EDIT 2: We could also make it based on request headers (instead/as well), not necessarily based on params.

waiting-for-dev commented 11 months ago

Hey @hmnhf,

Having a long-lived auth token is considered insecure, as it gets exposed a lot and could be compromised. You need a refresh token to re-generate an auth token. We could implement something like that here, but it's probably wiser to use a standard like OAuth for that.

Sorry for not being more helpful, but it wouldn't be a good practice to encourage that from here :cry:
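The refresh-token pattern the maintainer points to, as an added example that is not code from warden-jwt_auth or from either participant in this issue: the access JWT keeps a short, fixed lifetime no matter what the login request says, and a "remember me" style parameter only changes how long an opaque, server-side, single-use refresh token lives. The JWT is hand-rolled with the Ruby standard library (HS256 via OpenSSL) so the script runs offline; the real gem uses the jwt gem. The secret, the three TTL constants, the TokenService class and the remember_me handling are assumptions made for illustration, not the gem's API.

```ruby
require 'openssl'
require 'base64'
require 'json'
require 'securerandom'

# Added example: a minimal HS256 JWT built only from the Ruby stdlib so the
# script runs offline. Production code should use the jwt gem (which
# warden-jwt_auth wraps); this exists only to make the token flow concrete.
SECRET = 'example-hmac-secret-not-for-real-use' # constructed for this example
ACCESS_TTL  = 15 * 60            # access token lifetime: short and fixed (assumed value)
REFRESH_TTL = 30 * 24 * 60 * 60  # refresh token lifetime when remember_me is set (assumed)
SESSION_TTL = 24 * 60 * 60       # refresh token lifetime otherwise (assumed)

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# Constant-time comparison so the signature check does not leak by timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def encode_jwt(payload, secret)
  header = { 'alg' => 'HS256', 'typ' => 'JWT' }
  signing_input = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(payload))}"
  "#{signing_input}.#{b64url(OpenSSL::HMAC.digest('SHA256', secret, signing_input))}"
end

# Verifies the signature before trusting any claim, then enforces exp.
def decode_jwt(token, secret, now:)
  h, p, s = token.split('.')
  raise 'malformed' unless h && p && s
  expected = b64url(OpenSSL::HMAC.digest('SHA256', secret, "#{h}.#{p}"))
  raise 'bad signature' unless secure_equal?(s, expected)
  payload = JSON.parse(Base64.urlsafe_decode64(p))
  raise 'expired' unless payload['exp'].is_a?(Integer) && payload['exp'] > now
  payload
end

# Hypothetical service: the JWT is always short-lived; "remember me" only
# changes how long the opaque, server-side, revocable refresh token lives.
class TokenService
  def initialize(secret:, clock: -> { Time.now.to_i })
    @secret = secret
    @clock = clock
    @refresh_store = {} # refresh_token => { user_id:, exp:, remember_me: }; a DB or Redis in real life
  end

  def issue(user_id, remember_me: false)
    now = @clock.call
    access = encode_jwt({ 'sub' => user_id, 'iat' => now, 'exp' => now + ACCESS_TTL }, @secret)
    refresh = SecureRandom.urlsafe_base64(32)
    ttl = remember_me ? REFRESH_TTL : SESSION_TTL
    @refresh_store[refresh] = { user_id: user_id, exp: now + ttl, remember_me: remember_me }
    { access_token: access, refresh_token: refresh, expires_in: ACCESS_TTL }
  end

  # Rotation: the presented refresh token is consumed, so a copy that an
  # attacker replays later is rejected, and revocation is just deletion.
  def refresh(refresh_token)
    rec = @refresh_store.delete(refresh_token)
    return nil if rec.nil? || rec[:exp] <= @clock.call
    issue(rec[:user_id], remember_me: rec[:remember_me])
  end

  def revoke(refresh_token)
    !@refresh_store.delete(refresh_token).nil?
  end

  def verify_access(token)
    decode_jwt(token, @secret, now: @clock.call)
  end
end

if __FILE__ == $PROGRAM_NAME
  svc = TokenService.new(secret: SECRET)
  pair = svc.issue('user-42', remember_me: true)
  puts "access token claims: #{svc.verify_access(pair[:access_token])}"
  puts "refresh: #{svc.refresh(pair[:refresh_token]) ? 'ok' : 'rejected'}"
  puts "replay of the used refresh token: #{svc.refresh(pair[:refresh_token]) ? 'ok' : 'rejected'}"
end
```

The point of the split is that the bearer JWT, which travels on every request and cannot be revoked once issued, never lives longer than ACCESS_TTL; the long-lived credential is only ever sent to the refresh endpoint, is random rather than self-describing, and can be deleted server-side the moment a compromise is suspected.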