OAuth2 PHP change expiration time

I am using this library: Oauth2 PHP

I cannot find a parameter to change the expiration time, I tried:

    new OAuth2\Server($this->_mem, array('use_jwt_access_tokens' => true, 'access_token_lifetime' => 2419200));

But the lifetime of the token is always 3600. What's the correct setting?

Edit: As I said, I tried to use the refresh token

    new OAuth2\Server($this->_mem, array('use_jwt_access_tokens' => true, 'always_issue_new_refresh_token' => true));

The grant type client_credential ++ JWT media works, but I never get the refresh token (access token only). Even when validating the token, I never get the refresh token.

Edit: Since the update doesn't work for me as I suggested, I tried to set the token expiration time by doing

    new OAuth2\Server($this->_mem, array('use_jwt_access_tokens' => true, 'access_lifetime' => 12000));

Responding to client credentials still returns a short token:

{ ["access_token"]=> string(648) "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpZCI6ImU0NjE0MzdhMjY2YjFkNWY0OWU5MDY5MjQwODg5NjU0MDI2ZGRmODAiLCJpc3MiOiIiLCJhdWQiOiI4OWM2MjRmNTNiYTVmOTM3NjFmZWFhNmU1MGI1ZDk1NGQ4ZGRjMTIxIiwic3ViIjpudWxsLCJleHAiOjE0MzQ0NjI2NDIsImlhdCI6MTQzNDQ1OTA0MiwidG9rZW5fdHlwZSI6ImJlYXJlciIsInNjb3BlIjoicHVibGljIHJlYWRfbmV3cyJ9.Mk_KyUk_8yPnq9eEjvgVOJXBOkQSifAPbEaUvY4X9WvfmImPnC7PJx_99ODpiJR_gMLhZ3gBl1gQEJ2z6xUZ83dntCYzGWumkVLNpJG8omuVkmZqNnbLYYXl-vzmGOblceeDrKw_lrXc4rb72BeFaMeZWwFV7YMrgA0LOsYyZmAiDblcbHtpPGpUd2EC3y7VxLnyA8u07eY4aswOHwClPlDwHX_HwfMUmDLWkoTcrRf1AvKn-cnj41eL0SU9AJHWab8AOK7lxDsaqnits5pXj--cG9hr8pWOsFPQ2D9qYOsMvbEOi4zDJEdaIp-qvzn6N5Wrm5GxdbU1AqwvM531hQ" ["expires_in"]=> int(3600) ["token_type"]=> string(6) "bearer" ["scope"]=> string(16) "public" } 

It seems to be a cache issue; the token is now set to the correct length / expiration time.

+4




2 answers


You can change the access_token lifetime with the access_lifetime config option of OAuth2\Server, going by the code.

The access_lifetime config parameter is used when creating the token on OAuth2\ResponseType\JwtAccessToken line 63:

    $expires = time() + $this->config['access_lifetime'];



This can be set when you create a server instance that accepts the following configuration parameters, listed on OAuth2\Server lines 109 through 126.

    // merge all config values.  These get passed to our controller objects
    $this->config = array_merge(array(
        'use_jwt_access_tokens'        => false,
        'store_encrypted_token_string' => true,
        'use_openid_connect'       => false,
        'id_lifetime'              => 3600,
        'access_lifetime'          => 3600,
        'www_realm'                => 'Service',
        'token_param_name'         => 'access_token',
        'token_bearer_header_name' => 'Bearer',
        'enforce_state'            => true,
        'require_exact_redirect_uri' => true,
        'allow_implicit'           => false,
        'allow_credentials_in_request_body' => true,
        'allow_public_clients'     => true,
        'always_issue_new_refresh_token' => false,
        'unset_refresh_token_after_use' => true,
    ), $config);


There is also support for refresh tokens according to the code for Server.php and JwtAccessToken.php.

+2




In server.php (where you pass the grant type and client credentials):

    $config = array(
        'access_lifetime' => 86400
    );
    $server = new OAuth2\Server($storage, $config);



source: https://github.com/bshaffer/oauth2-server-php/issues/699

0
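
One way to confirm which lifetime the server actually applied is to compare expires_in and the JWT's exp - iat against the configured access_lifetime. This is an added example, not code from the question, the answers or oauth2-server-php; the function names and the sample token are constructed here, and the claims are read without verifying the signature.

```php
<?php
// Added example, not from oauth2-server-php. Reads claims only; no signature check.

/** Decode one base64url JWT segment into an array, or null if malformed. */
function decodeJwtSegment(string $segment): ?array
{
    $b64 = strtr($segment, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $raw = base64_decode($b64, true);
    $claims = $raw === false ? null : json_decode($raw, true);
    return is_array($claims) ? $claims : null;
}

/** Return the mismatches between a token response and the configured lifetime. */
function checkTokenLifetime(array $response, int $expectedLifetime): array
{
    $problems = [];
    $expiresIn = $response['expires_in'] ?? null;
    if ($expiresIn !== $expectedLifetime) {
        $problems[] = sprintf('expires_in is %s, expected %d',
            var_export($expiresIn, true), $expectedLifetime);
    }
    $parts = explode('.', (string) ($response['access_token'] ?? ''));
    $claims = count($parts) === 3 ? decodeJwtSegment($parts[1]) : null;
    if ($claims === null || !isset($claims['exp'], $claims['iat'])) {
        $problems[] = 'access_token is not a JWT with exp and iat claims';
        return $problems;
    }
    $actual = (int) $claims['exp'] - (int) $claims['iat'];
    if ($actual !== $expectedLifetime) {
        $problems[] = sprintf('exp - iat is %d, expected %d', $actual, $expectedLifetime);
    }
    return $problems;
}

// Constructed sample: claims 3600 seconds apart, placeholder header and signature.
function b64url(array $data): string
{
    return rtrim(strtr(base64_encode(json_encode($data)), '+/', '-_'), '=');
}

$jwt = b64url(['typ' => 'JWT', 'alg' => 'RS256']) . '.'
     . b64url(['iat' => 1434459042, 'exp' => 1434462642]) . '.placeholder-signature';
$response = ['access_token' => $jwt, 'expires_in' => 3600, 'token_type' => 'bearer'];

// 12000 is the access_lifetime value tried in the question.
print_r(checkTokenLifetime($response, 12000));
```

An empty array means the response and the token both carry the configured lifetime; any entries point to a config key that was not picked up or to a stale cached build.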

