Skip to content

Add a way to change token settings, or if there already is one, document it #1385

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
HendrikHuebner opened this issue Oct 13, 2023 · 2 comments
Closed

Add a way to change token settings, or if there already is one, document it #1385

HendrikHuebner opened this issue Oct 13, 2023 · 2 comments
Assignees
@jgrandja
Labels
status: invalid An issue that we don't feel is valid

Comments

@HendrikHuebner
Copy link

Expected Behavior
There should be a way to change basic settings of the generated bearer and refresh token such as lifespan.

Current Behavior
I have not found any documentation on how to do this. I have been looking at the code and there seems to be a TokenSettings class,
however, I could not find an easy way to change those settings.

Context
I would like to change token lifespans without having to write a TokenGenerator or something like that
@HendrikHuebner HendrikHuebner added the type: enhancement A general enhancement label Oct 13, 2023
@martinr0x
Copy link
Contributor

martinr0x commented Oct 16, 2023
edited
Loading

Hi Hendrik,
you can change the token life span by overwriting the tokenSettings property ACCESS_TOKEN_TIME_TO_LIVE of your oAuth2 client. https://github.com/spring-projects/spring-authorization-server/blob/main/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/settings/TokenSettings.java#L55

@jgrandja
Copy link
Collaborator

@HendrikHuebner Please review the reference documentation for RegisteredClient:

tokenSettings: The custom settings for the OAuth2 tokens issued to the client – for example, access/refresh token time-to-live, reuse refresh tokens, and others.

You can set/override the TokenSettings for a RegisteredClient using custom TTL settings.

@jgrandja jgrandja self-assigned this Oct 20, 2023
@jgrandja jgrandja added status: invalid An issue that we don't feel is valid and removed type: enhancement A general enhancement labels Oct 20, 2023
@OrangeDog OrangeDog mentioned this issue Apr 3, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jgrandja jgrandja

Labels
status: invalid An issue that we don't feel is valid
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jgrandja @martinr0x @HendrikHuebner